Maintained by: NLnet Labs

RPZ support in Unbound?

Paul Vixie
Wed Apr 12 13:50:41 CEST 2017


we (farsight security) have an rpz implementation that works with
unbound. it is not open source. we make it available, along with a right
to use, for any unbound server which is instrumented with a passive dns
sensor (so, no money changes hands.) this implementation (called
"fastrpz") consists of a background server process, a command line
utility, a shared library, and a small set of patches to unbound itself
(adding hooks). contact me if you'd like to hear more details.

vixie

re:

Marco Pizzoli via Unbound-users wrote:
> Hi Ralf,
> Thank you for your answer.
> 
> I have read in a thread dating back more than one year ago that RPZ was
> in the roadmap. 
> 
> Do you have any updated info about this?
> 
> Thank you again
> Marco
> 
> 
> Il giorno mer 12 apr 2017 alle 12:35 Ralph Dolmans via Unbound-users
> <unbound-users at unbound.net <mailto:unbound-users at unbound.net>> ha scritto:
> 
>     Hi Marco,
> 
>     Unbound does not have RPZ support. Reporter of bug #839 creates an
>     Unbound configuration file containing local-zone elements using an
>     RPZ feed.
> 
>     Regards,
>     -- Ralph
> 
>     On 12-04-17 11:53, Marco Pizzoli via Unbound-users wrote:
>     > Hi all,
>     > I would like to understand better what is the support of Unbound
>     for RPZ.
>     > Looking at the manpages I see RPZ not reported.
>     > Looking at the release notes of 1.6.0 I see:
>     >
>     >   * Fix #839: Memory grows unexpectedly with large RPZ files.
>     >
>     > Where is the truth?
>     > Am I missing something?
>     >
>     > Thank you in advance
>     > Marco
> 

-- 
P Vixie