[DNSfirewalls] RPZ- performance impact of disabling recursive-only?

Aaron Sommer asommer at infoblox.com
Wed Dec 14 18:06:01 UTC 2016


Has anyone experimented with disabling the RPZ recursive-only flag? If you have, can you give any guidance regarding impact on server load?

Background: I have a use case where local zone files are being compromised, and malicious hostnames are being added to the zones. The goal is to prevent the server from responding to queries (including queries for local zone data) with known-malicious IPs. RPZ appears to have the necessary functionality (if the recursive-only setting is disabled), but I want to be sure doing this will not bring the server to it’s knees.

Thank you,
Aaron Sommer
Threat Analyst, Cyber Intelligence
o: +1 253.590.4100
asommer at infoblox.com <mailto:asommer at infoblox.com> | www.infoblox.com <http://www.infoblox.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.redbarn.org/pipermail/dnsfirewalls/attachments/20161214/f3169a8d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.redbarn.org/pipermail/dnsfirewalls/attachments/20161214/f3169a8d/attachment.bin>

More information about the DNSfirewalls mailing list