[DNSfirewalls] [cmikk at fsi.io: [dnstap] (PR) Adding response policy information in dnstap]

Peter van Dijk peter.van.dijk at powerdns.com
Mon Mar 15 21:56:00 UTC 2021

On Mon, 2021-03-15 at 22:25 +0100, Jeroen Massar wrote:
> On 2021-03-15 21:43, Brian Dickson wrote:
> [..]
>  >     if anybody uses a dns server that's not one of those, please feel
>  >     free to reach out to us so that we can add their name to the
>  >     relevant web page (directory) and reach out to them about joining
>  >     the relevant mailing list.
>  >
>  >
>  > I am not 100% sure, but I think dnsdist is one. (It may share a code
>  > base with one of those other projects, not sure.)
> dnsdist does not do rpz; the backend needs to do that; dnsdist being 
> 'just' an advanced load balancer / "proxy".
> dnsdist does do dnstap though: https://dnsdist.org/reference/dnstap.html

Replying to both of you, just collecting the facts:
* dnsdist does not do RPZ, but some people convert RPZs into other
things that dnsdist can consume (like CDB or LMDB databases)
* dnsdist does share some code with PowerDNS Auth and Recursor
* dnsdist does have dnstap
* PowerDNS Recursor has both RPZ and dnstap and users have shown
interest in changes like cmikk's

I've poked my coworkers to have a look at cmikk's changes. (I believe
one of them already found a typo in an earlier emailed version.)

Kind regards,
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/

