Paul Hoffman <[email protected]> wrote: > > Good question, and no. "Policy-based" and "policy-implementing" are > those kind of terms we hear bandied about in operator circles but not > written about in RFCs because it is supposedly outside the purview of > the IETF. If someone has a reasonable reference we can point to, that > would be great.
As well as Hugo's link, there is http://dnsrpz.info which has some more helpful context and practical info. But in practice people seem to be using the term "DNS firewall" much more than "policy-implementing resolver", though it seems to be quite closely associated with RPZ - e.g. the PowerDNS recursor scripting documentation doesn't use either term. http://www.circleid.com/posts/20120103_dns_firewalls_in_action_rpz_vs_spam/ http://www.securityweek.com/why-dns-firewalls-should-become-next-hot-thing-enterprise-security https://kb.isc.org/article/AA-00525/0/Building-DNS-Firewalls-with-Response-Policy-Zones-RPZ.html https://www.infoblox.com/products/secure-dns/dns-firewall http://www.efficientip.com/dns-firewall/ https://doc.powerdns.com/md/recursor/scripting/ Tony. -- f.anthony.n.finch <[email protected]> http://dotat.at/ Hebrides, Bailey: East or southeast 3 or 4, increasing 5 or 6. Slight or moderate. Showers. Good. _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
