[DNSfirewalls] rpz firewall + whitelisting
Vadim Pavlov
PVM_JOB at MAIL.RU
Tue Aug 27 16:51:29 UTC 2019
Just in case.
Do not forget that every single rule consumes memory. It is OK for hundreds or a few thousand indicators, but it may be an issue if you have more or a low-end server. E.g., I’ve tested with 2.5M RPZ rules (2 rules per indicator): bind9 consumes 1.2Gb-2Gb of RAM, PowerDNS about 600Mb.
Vadim
> On Aug 27, 2019, at 08:46, Lee <ler762 at gmail.com> wrote:
>
> Wow! The guy that wrote the code!! I have to ask .. instead of me having to do
>
> $ cat db.test-rpz
> $ORIGIN rpz.test.
> @ IN SOA localhost. admin ( 2019082418 6h 15 1d 1s )
> IN NS localhost.
> 2o7.net CNAME .
> *.2o7.net CNAME .
> 112.2o7.net CNAME .
> *.112.2o7.net CNAME .
> 102.112.2o7.net CNAME .
> *.102.112.2o7.net CNAME .
> com.102.112.2o7.net CNAME .
> *.com.102.112.2o7.net CNAME .
> bcbsks.com.102.112.2o7.net CNAME rpz-passthru.
> ; === end ===
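The zone file Lee quotes above follows a fixed pattern: each blocked indicator gets an exact rule and a wildcard rule (the "2 rules per indicator" Vadim measured), and a whitelisted name below it gets an `rpz-passthru.` rule plus exact/wildcard rules at every intermediate label. Those intermediate rules are needed because the whitelist entry creates empty non-terminals (`com.102.112.2o7.net`, `102.112.2o7.net`, `112.2o7.net`) which, under standard DNS wildcard matching, shadow `*.2o7.net` for everything beneath them. The script below is an added example, not code from Vadim, Lee or any RPZ project; the function names `parents_between`, `build_rules` and `render_zone` are hypothetical, the sample indicator and whitelist entry are the ones from the quoted zone, and the SOA values are copied from it. It generates the same rule set mechanically and reports the rule count so the memory cost Vadim warns about can be estimated before the zone is loaded.

```python
"""Generate an RPZ zone from a blocklist plus a whitelist (rpz-passthru).

Hypothetical helper written for this thread. It reproduces the layout of the
quoted db.test-rpz: exact + wildcard "CNAME ." for each blocked indicator,
"CNAME rpz-passthru." for each whitelisted name, and exact + wildcard rules
for every label between the two, because the whitelist entry creates empty
non-terminals that hide the parent wildcard (DNS wildcard semantics, RFC 4592).
"""

from typing import Dict, List, Tuple

Rule = Tuple[str, str]  # (owner name, CNAME target)


def parents_between(child: str, ancestor: str) -> List[str]:
    """Names strictly between child and ancestor, nearest ancestor first.

    parents_between("bcbsks.com.102.112.2o7.net", "2o7.net")
      -> ["112.2o7.net", "102.112.2o7.net", "com.102.112.2o7.net"]
    """
    if not child.endswith("." + ancestor):
        raise ValueError(f"{child} is not below {ancestor}")
    labels = child[: -len(ancestor) - 1].split(".")
    # Walk from the label nearest the ancestor up to (but excluding) the child.
    return [".".join(labels[i:]) + "." + ancestor for i in range(len(labels) - 1, 0, -1)]


def build_rules(blocked: List[str], whitelisted: List[str]) -> List[Rule]:
    """Return the ordered rule list; a dict keeps first-insertion order."""
    rules: Dict[str, str] = {}

    def block(name: str) -> None:
        # One exact rule plus one wildcard rule: the "2 rules per indicator" cost.
        rules.setdefault(name, ".")
        rules.setdefault("*." + name, ".")

    for indicator in blocked:
        block(indicator)

    for name in whitelisted:
        ancestors = [b for b in blocked if name.endswith("." + b)]
        if not ancestors:
            raise ValueError(f"{name} is not below any blocked indicator")
        closest = max(ancestors, key=len)
        # Each intermediate label must be blocked explicitly, otherwise it
        # becomes an empty non-terminal that shadows the ancestor's wildcard.
        for mid in parents_between(name, closest):
            block(mid)
        rules[name] = "rpz-passthru."  # exact name beats the wildcard above it

    return list(rules.items())


def render_zone(origin: str, serial: int, rules: List[Rule]) -> str:
    """Render a zone file in the same shape as the quoted db.test-rpz."""
    lines = [
        f"$ORIGIN {origin}",
        f"@ IN SOA localhost. admin ( {serial} 6h 15 1d 1s )",
        "  IN NS localhost.",
    ]
    lines += [f"{owner} CNAME {target}" for owner, target in rules]
    lines.append("; === end ===")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed input: the indicator and whitelist entry from the quoted zone.
    rules = build_rules(["2o7.net"], ["bcbsks.com.102.112.2o7.net"])
    print(render_zone("rpz.test.", 2019082418, rules))
    print(f"; {len(rules)} rules (each one costs resolver memory)")
```

Note that names below the whitelisted entry itself (for example a label under `bcbsks.com.102.112.2o7.net`) match no rule at all in this layout, exactly as in the quoted zone, so they are answered normally rather than by the passthru rule.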