[DNSfirewalls] [cmikk at fsi.io: [dnstap] (PR) Adding response policy information in dnstap]
paul at redbarn.org
Mon Mar 15 20:40:00 UTC 2021
On Mon, Mar 15, 2021 at 04:15:55PM -0400, Andrew Fried wrote:
> I'm assuming this logging feature would require each RPZ resolver vendor
> to incorporate support for this. Has ISC/NLnet Labs/PowerDNS indicated
> that they were amenable to adding that support?
bind9, powerdns, knot, and unbound all have rpz, and all have 'dnstap'. some
of them directly incorporate some 'dnstap' source code, which we're patching.
i fully expect that every one of these f/l/oss dns servers will adopt these
changes, and i will start the outreach on that after the patch is reviewed.
if anybody uses a dns server that's not one of those, please feel to reach out
to us so that we can add their name to the relevant web page (directory) and
reach out to them about joining the relevant mailing list.
in these matters, more is better.
More information about the DNSfirewalls