[DNSfirewalls] [cmikk at fsi.io: [dnstap] (PR) Adding response policy information in dnstap]
Peter van Dijk
peter.van.dijk at powerdns.com
Mon Mar 15 21:56:00 UTC 2021
On Mon, 2021-03-15 at 22:25 +0100, Jeroen Massar wrote:
> On 2021-03-15 21:43, Brian Dickson wrote:
> [..]
> > if anybody uses a dns server that's not one of those, please feel to
> > reach out
> > to us so that we can add their name to the relevant web page
> > (directory) and
> > reach out to them about joining the relevant mailing list.
> >
> >
> > I am not 100% sure, but I think dnsdist is one. (It may share a code
> base with one of those other projects, not sure.)
>
> dnsdist does not do rpz; the backend needs to do that; dnsdist being
> 'just' an advanced load balancer / "proxy".
>
> dnsdist does do dnstap though: https://dnsdist.org/reference/dnstap.html
Replying to both of you, just collecting the facts:
* dnsdist does not do RPZ, but some people convert RPZs into other
things that dnsdist can consume (like CDB or LMDB databases)
* dnsdist does share some code with PowerDNS Auth and Recursor
* dnsdist does have dnstap
* PowerDNS Recursor has both RPZ and dnstap and users have shown
interest in changes like cmikk's
I've poked my coworkers to have a look at cmikk's changes. (I believe
one of them already found a typo in an earlier emailed version.)
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
More information about the DNSfirewalls
mailing list