> From: ac <a...@main.me>

> that is only your point of view, take off your sunglasses, it is bright
> outside, we are Making The Internet Great Again, writing protocols to
> tell lies, moving lines, exploring the dark side of the force, a new
> time is upon us, where toasters also make ice and ice and tell time.
> you are right about the speed though, must be the wind in your hair?

The Internet stopped at the bottom of this particular slope years ago.
The idea of dishonest DNS servers is at least 25 years old, although
almost all such talk avoids words like "lie" and "truth."

As you can see from the History section on page 23 of
https://datatracker.ietf.org/doc/draft-vixie-dns-rpz/?include_text=1
RPZ has been available in BIND9 for half a dozen years. There are also
RPZ implementations or partial implementations in or for BIND9, Unbound,
PowerDNS, Knot, and probably other recursive server implementations.
(I'd be happy to relay descriptions of other RPZ code to the editor of
https://dnsrpz.info/ or introduce people to him.)

The new version of the RPZ draft is longer, but it might finally
completely describe RPZ. Previous descriptions lacked significant
details about how a single effective policy rule is chosen among
multiple hits and about less common (but I think more effective) types
of triggers including NSIP and NSDNAME.

Comments on the 04 draft (other than marking it Top Secret) are welcome.

Vernon Schryver
v...@rhyolite.com

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop