[RPZ] Which 'options' section does the RPZ config go in?

April Lorenzen data at serverauthority.net
Sat Mar 30 15:53:37 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Izzy,

I would expect that if the master zone is being recreated periodically as in a file replace and reload, that you are going to get
an IXFR.

VS if the master zone is just updated by nsupdate if a diff(erence) occurs between current and previous content of an RPZone file.

To be more explicit, if a high frequency update blocklist typically puts out a new file to rsync with a new serial number, maybe
they just keep doing that pulling from a db to generate even a file that hasn't changed and isn't getting high frequency updates.

This propagates to the servers that produce a master zone for RPZ drop and then you get these IXFRs.

The brilliance of nsupdate is that like an incremental transfer, just the changed (added or dropped) records get sent to the
master BIND with RPZ ... there's no zone reload, closer-to-zero propagation delay and you'd only get an IXFR if there's a change.

That's IIUC.

HTH,

- - April Lorenzen

On 3/30/13 11:12 AM, ixloran at sent.at wrote:
> Hi
> 
> On Fri, Mar 29, 2013, at 10:33 PM, Andrew Fried wrote:
>> On 3/30/13 1:29 AM, Vernon Schryver wrote:
>>> of drop.rpz.spamhaus.org every ~15 minutes.  I thought DROP is
>> DROP is pretty static - until it changes.  With ixfr no data should move if the zone doesn't change.  What I didn't want was
>> a change that took a long time to propagate due to long update intervals.
> 
> rpz zone has apparently revived itself; i now see the "rpz.spamhaus.org.zone/rpz.spamhaus.org.zone.jnl" files.
> 
> But i ALSO see numerous updates to drop.rpz, which seems inconsistent with the 'static'-ness of DROP.
> 
> from my logs overnight:
> ...
> 29-Mar-2013 23:31:04.577 general: info: zone drop.rpz.spamhaus.org/IN/internal: Transfer started.
> 29-Mar-2013 23:31:04.907 general: info: zone drop.rpz.spamhaus.org/IN/internal: transferred serial 1364625002
> 29-Mar-2013 23:48:21.029 general: info: zone drop.rpz.spamhaus.org/IN/internal: Transfer started.
> 29-Mar-2013 23:48:21.360 general: info: zone drop.rpz.spamhaus.org/IN/internal: transferred serial 1364625902
> 30-Mar-2013 00:02:12.799 general: info: zone drop.rpz.spamhaus.org/IN/internal: Transfer started.
> 30-Mar-2013 00:02:13.141 general: info: zone drop.rpz.spamhaus.org/IN/internal: transferred serial 1364626803
> 30-Mar-2013 00:15:26.584 general: info: zone drop.rpz.spamhaus.org/IN/internal: Transfer started.
> 30-Mar-2013 00:15:26.894 general: info: zone drop.rpz.spamhaus.org/IN/internal: transferred serial 1364627703
> 30-Mar-2013 00:33:55.997 general: info: zone drop.rpz.spamhaus.org/IN/internal: Transfer started.
> 30-Mar-2013 00:33:56.338 general: info: zone drop.rpz.spamhaus.org/IN/internal: transferred serial 1364628603
> 30-Mar-2013 00:47:07.771 general: info: zone drop.rpz.spamhaus.org/IN/internal: Transfer started.
> 30-Mar-2013 00:47:08.079 general: info: zone drop.rpz.spamhaus.org/IN/internal: transferred serial 1364629502
> 30-Mar-2013 01:00:45.517 general: info: zone drop.rpz.spamhaus.org/IN/internal: Transfer started.
> 30-Mar-2013 01:00:45.852 general: info: zone drop.rpz.spamhaus.org/IN/internal: transferred serial 1364630403
> 30-Mar-2013 01:18:17.946 general: info: zone rpz.spamhaus.org/IN/internal: Transfer started.
> 30-Mar-2013 01:18:21.761 general: info: zone rpz.spamhaus.org/IN/internal: transferred serial 1364631123
> 30-Mar-2013 01:18:23.961 general: info: zone drop.rpz.spamhaus.org/IN/internal: Transfer started.
> 30-Mar-2013 01:18:24.312 general: info: zone drop.rpz.spamhaus.org/IN/internal: transferred serial 1364631303
> 30-Mar-2013 01:32:07.748 general: info: zone drop.rpz.spamhaus.org/IN/internal: Transfer started.
> 30-Mar-2013 01:32:08.112 general: info: zone drop.rpz.spamhaus.org/IN/internal: transferred serial 1364632203
> 30-Mar-2013 01:48:41.490 general: info: zone drop.rpz.spamhaus.org/IN/internal: Transfer started.
> 30-Mar-2013 01:48:41.849 general: info: zone drop.rpz.spamhaus.org/IN/internal: transferred serial 1364633102
> 30-Mar-2013 02:01:48.282 general: info: zone drop.rpz.spamhaus.org/IN/internal: Transfer started.
> 30-Mar-2013 02:01:48.613 general: info: zone drop.rpz.spamhaus.org/IN/internal: transferred serial 1364634002
> 30-Mar-2013 02:18:33.715 general: info: zone drop.rpz.spamhaus.org/IN/internal: Transfer started.
> 30-Mar-2013 02:18:34.074 general: info: zone drop.rpz.spamhaus.org/IN/internal: transferred serial 1364634902
> 30-Mar-2013 02:32:24.512 general: info: zone drop.rpz.spamhaus.org/IN/internal: Transfer started.
> 30-Mar-2013 02:32:24.862 general: info: zone drop.rpz.spamhaus.org/IN/internal: transferred serial 1364635802
> 30-Mar-2013 02:45:34.299 general: info: zone drop.rpz.spamhaus.org/IN/internal: Transfer started.
> 30-Mar-2013 02:45:34.624 general: info: zone drop.rpz.spamhaus.org/IN/internal: transferred serial 1364636703
> 30-Mar-2013 03:04:09.737 general: info: zone drop.rpz.spamhaus.org/IN/internal: Transfer started.
> 30-Mar-2013 03:04:10.056 general: info: zone drop.rpz.spamhaus.org/IN/internal: transferred serial 1364637602
> 30-Mar-2013 03:16:48.487 general: info: zone drop.rpz.spamhaus.org/IN/internal: Transfer started.
> 30-Mar-2013 03:16:48.819 general: info: zone drop.rpz.spamhaus.org/IN/internal: transferred serial 1364638503
> ...
> 
> No idea if all's healthy yet. :-/
> 
> -Izzy
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlFXCnUACgkQU60bNfmbotTJBQCfbTmqHQRzoydNWn1ZTdXXiOxJ
1QQAoIxZkDCml1b9E3HtiXRraftNz8HR
=zc4Y
-----END PGP SIGNATURE-----
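
An added example, not part of the original message or of BIND: a small Python parser for the "transferred serial" log lines quoted above, reporting per zone how often a transfer completed and how far the serial moved each time. The sample is a constructed subset of the quoted log, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: lines copied from the log quoted in the message above,
# restored to one entry per line (a subset, not the full overnight log).
SAMPLE_LOG = """\
29-Mar-2013 23:31:04.577 general: info: zone drop.rpz.spamhaus.org/IN/internal: Transfer started.
29-Mar-2013 23:31:04.907 general: info: zone drop.rpz.spamhaus.org/IN/internal: transferred serial 1364625002
29-Mar-2013 23:48:21.360 general: info: zone drop.rpz.spamhaus.org/IN/internal: transferred serial 1364625902
30-Mar-2013 00:02:13.141 general: info: zone drop.rpz.spamhaus.org/IN/internal: transferred serial 1364626803
30-Mar-2013 00:15:26.894 general: info: zone drop.rpz.spamhaus.org/IN/internal: transferred serial 1364627703
30-Mar-2013 01:18:21.761 general: info: zone rpz.spamhaus.org/IN/internal: transferred serial 1364631123
"""

# Timestamp, then anything up to "zone <name>/IN[/<view>]: transferred serial <n>".
XFER_RE = re.compile(
    r"^(\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d+) .*?"
    r"zone ([^/\s]+)/IN(?:/\S+)?: transferred serial (\d+)\s*$"
)

def parse_transfers(text):
    """Return {zone: [(completion_time, serial), ...]} for completed transfers."""
    zones = {}
    for line in text.splitlines():
        m = XFER_RE.match(line.strip())
        if not m:
            continue  # "Transfer started." and unrelated lines are skipped
        when = datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S.%f")
        zones.setdefault(m.group(2), []).append((when, int(m.group(3))))
    return zones

def transfer_stats(text):
    """Per zone: transfer count, mean seconds between transfers, serial deltas."""
    stats = {}
    for zone, xfers in parse_transfers(text).items():
        xfers.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(xfers, xfers[1:])]
        # Serial numbers wrap at 2**32 (RFC 1982), so take the delta modulo 2**32.
        deltas = [(b[1] - a[1]) % 2**32 for a, b in zip(xfers, xfers[1:])]
        stats[zone] = {
            "transfers": len(xfers),
            "mean_interval_s": sum(gaps) / len(gaps) if gaps else None,
            "serial_deltas": deltas,
        }
    return stats

if __name__ == "__main__":
    for zone, s in transfer_stats(SAMPLE_LOG).items():
        print(zone, s)
```

On this subset the drop.rpz.spamhaus.org serial advances by about 900 at each transfer; whether the zone content changed between those serials cannot be read from these log lines.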


