> From: ac <a...@main.me>

> that is only your point of view, take off your sunglasses, it is bright
> outside, we are Making The Internet Great Again, writing protocols to
> tell lies, moving lines, exploring the dark side of the force, a new
> time is upon us, where toasters also make ice and ice and tell time.
> you are right about the speed though, must be the wind in your hair?

The Internet stopped at the bottom of this particular slope years ago.
The idea of dishonest DNS servers is at least 25 years old, although
almost all such talk avoids words like "lie" and "truth."  As you can
see from the History section on page 23 of
https://datatracker.ietf.org/doc/draft-vixie-dns-rpz/?include_text=1
RPZ has been available in BIND9 for half a dozen years.  There are
also RPZ implementations or partial implementations in or for BIND9,
Unbound, PowerDNS, Knot, and probably other recursive server
implementations.
(I'd be happy to relay descriptions of other RPZ code to the editor
of https://dnsrpz.info/ or introduce people to him.)

The new version of the RPZ draft is longer, but it might finally completely
describe RPZ.  Previous descriptions lacked significant details about
how a single effective policy rule is chosen among multiple hits and
about less common (but I think more effective) types of triggers
including NSIP and NSDNAME.

Comments on the 04 draft (other than marking it Top Secret) are welcome.


Vernon Schryver    v...@rhyolite.com

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
