From asommer at infoblox.com Wed Dec 14 18:06:01 2016
From: asommer at infoblox.com (Aaron Sommer)
Date: Wed, 14 Dec 2016 18:06:01 +0000
Subject: [DNSfirewalls] RPZ- performance impact of disabling recursive-only?
Message-ID:

Hello,

Has anyone experimented with disabling the RPZ recursive-only flag? If you have, can you give any guidance regarding impact on server load?

Background: I have a use case where local zone files are being compromised, and malicious hostnames are being added to the zones. The goal is to prevent the server from responding to queries (including queries for local zone data) with known-malicious IPs. RPZ appears to have the necessary functionality (if the recursive-only setting is disabled), but I want to be sure doing this will not bring the server to its knees.

Thank you,

Aaron Sommer
Threat Analyst, Cyber Intelligence
o: +1 253.590.4100
asommer at infoblox.com | www.infoblox.com
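
The setting asked about above, as an added example that is not part of the original message: a BIND 9 `named.conf` fragment that disables `recursive-only` for one policy zone and uses an RPZ-IP trigger to rewrite answers containing listed addresses. The zone name, file name, and the 192.0.2.0/24 documentation range are assumptions chosen for illustration.

```conf
// named.conf fragment (constructed example; names and paths are assumptions)
options {
    response-policy {
        // Default is "recursive-only yes": policy is applied only to queries
        // that request recursion (RD=1). With "no", policy is also applied to
        // non-recursive queries, including those answered from local
        // authoritative zone data.
        zone "rpz.example.internal" policy given recursive-only no;
    };
};

// The policy zone itself. Restrict who can read or transfer the block list.
zone "rpz.example.internal" {
    type master;
    file "db.rpz.example.internal";
    allow-query { localhost; };
    allow-transfer { none; };
};

// Contents of db.rpz.example.internal (zone-file syntax, shown as comments):
//
//   $TTL 300
//   @   SOA  localhost. hostmaster.localhost. 1 3600 600 86400 300
//   @   NS   localhost.
//
//   ; RPZ-IP trigger: prefix length first, then the address octets reversed.
//   ; Any response whose answer section holds an A record in 192.0.2.0/24
//   ; is rewritten to NXDOMAIN ("CNAME ." is the NXDOMAIN action).
//   24.0.2.0.192.rpz-ip   CNAME  .
```

To gauge the load question on a test server, compare `rndc stats` counters and query latency before and after the change under replayed production traffic.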