On 2/12/19, Andy Smith <a...@strugglers.net> wrote: > Hi, > > On Tue, Feb 12, 2019 at 06:40:01PM -0500, Lee wrote: >> What are people using these days to >> 1. have dnssec enabled lookups >> 2. filter external dns answers > > I use Unbound for resolvers. > > I understand that Unbound can do some RPZ-like things with its > local-data and local-zone directives, but I've never played with RPZ so > don't know if it can cover your use case. > > PowerDNS Recursor is another popular recursor. I have never used it, > only the Auth server version, but I've found that to be high quality > software so I'd certainly be willing to look at their Recursor product > if I wasn't happy with Unbound. It seems to have RPZ support:
Assuming I'm looking at the correct graph - https://qa.debian.org/popcon.php?package=pdns-recursor PowerDNS is trending down at ~400 users now. Throw in an additional filter for it's available on BSD, Linux & Windows and it looks like a toss-up between bind & unbound. Since I already know bind I'll stay with that. Thanks for the info Lee
