[dns-operations] RPZ feeds
Paul Vixie
paul at redbarn.org
Tue Nov 21 17:26:09 UTC 2017
thanks barry. some added details below.
Barry Greene wrote:
>
>> On Nov 21, 2017, at 9:42 AM, Ulrich Wisser <ulrich at wisser.se
>> <mailto:ulrich at wisser.se>> wrote:
>>
>> In the discussion on Quad9 quite a few of you expressed that you run
>> your own resolver and use RPZ.
>> What feeds do you use? Paid/Free?
>
...
>
> For specific RPZ feeds, we work to get them all listed here:
> https://dnsrpz.info/
if anyone should learn of an RPZ feed that's not listed at
https://dnsrpz.info/, please let us know. we'd like to be as
comprehensive as possible.
and keep in mind that running a local RPZ is as easy as creating a
primary master DNS zone in your NOC or SOC, and propagating it via zone
transfer to all of your RDNS servers. your own local intelligence as to
what you should not correctly resolve, is usually better than anything
you can subscribe to externally.
there is not yet a crowd-sourced RPZ that gangs together all of the
local NOC/SOC observations -- but i consider such to be inevitable.
RPZ as a specification is free to implement, there is no encumberment
such as patents. most RPZ implementations are free to install and
operate. some RPZ feeds are free to subscribe.
--
P Vixie
More information about the dns-operations
mailing list