[DNSfirewalls] rpz firewall + whitelisting

Vernon Schryver vjs at rhyolite.com
Tue Aug 27 17:16:04 UTC 2019

On 8/27/19, Vadim Pavlov <pvm_job at mail.ru> wrote:
> Just in case.
> Do not forget that every single rule consumes memory. It is ok for hundreds
> or a few thousands indicators but it may be an issue if you have more or a
> low end server. E.g. I’ve tested with 2.5M RPZ rules (2 rules per indicator)
> - bind9 consumes 1.2Gb-2Gb of RAM, PowerDNS about 600Mb.

FastRPZ uses significantly less memory per rule, but the point is
valid.  2.5M rules is not an impossible number of RPZ rules.  I think
some of Spamhaus' policy zones are about that large.

Please let me point again at 
That document is supposed to say all that can be said about RPZ without
needing to look at any code.

Vernon Schryver    vjs at rhyolite.com

More information about the DNSfirewalls mailing list