[dns-operations] new public DNS service:

Matthew Pounsett matt at conundrum.com
Thu Nov 23 19:39:03 UTC 2017

On 23 November 2017 at 13:11, Paul Vixie <paul at redbarn.org> wrote:

>> SpamHaus's pricing page does not lead me to that conclusion. I think any
>> individual looking at that list will see that everyone except rpzone.us
>> <http://rpzone.us> says "contact us for a quote", conclude that there is
>> no service designed for individuals, and move on.
> that's unfortunate. i suggest reaching out yourself, and letting us know
> (both here, and at hostmaster at dnsrpz.info) what you find.
> however, your point is more broadly applicable. "free" never is. most of
> the old RBL's were free for individual use, because the cost was low (zone
> transfer was only available for a fee) and the benefit was high (the
> queries to the RBL's published DNS servers were valuable in terms of
> telling the RBL what servers were trying to send e-mail "right now"). none
> of those economics carries over to RPZ, which is only useful as a zone
> transfer.

The reason I excluded rpzone.us above is that they charge in tiers by the
query, which implies that, rather than provide an RPZ feed, they provide an
RDNS service similar to the RBLs.

> so, i'd still do it, because i'm a little bit crazy, and i have often found
> a way to succeed where all theory predicts failure. but you should not want
> to participate, because you may not be crazy enough.
> without the benefit of seeing what lookups are occurring, and without a
> commercial upsell opportunity, i don't know how anybody would fund the
> operation of a free RPZ.

Your point is well taken, and leaves me still unable to connect the dots
between what I read as advocating for individual resolvers and advocating
for RPZ.  The two appear to be in conflict.  Have I misread your intent on
either subject?

I'm strongly in favour of individuals running their own DNSSEC validators,
but until this email had no way to reconcile that with widespread RPZ use.

> thus, my surprise and delight about:
> https://suspect-networks.io/downloads/

I am also surprised and delighted!  Given that you host their AXFR service,
and that you operate dnsrpz.info, I'm also surprised this isn't already
listed there.  Thanks for pointing it out.

So, Joe, the answer is apparently "yes".  There are affordable solutions
for businesses–and also apparently for individuals–who run their own
resolvers to do their own threat filtering.

PS: Apologies for the terseness of my last few emails, but I've been forced
into using dictation software for the last few days and I'm finding it
frustrating, so I'm keeping things short.