Re: RPZ zone response delay time ?

2023-04-10 Thread Ondřej Surý
I don’t think we are ever going to implement something like this. This is a 
wrong layer to fix this.

--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel 
obligated to reply outside your normal working hours.

> On 10. 4. 2023, at 22:36, Evan Hunt wrote:
> 
> On Fri, Apr 07, 2023 at 05:27:38PM +0100, Jason Vas Dias wrote:
>>  I will put something like this as a patch into MY named, I just
>>  wondered if there'd be any interest in adding such a
>>  'DelayRPZResponse' NamedConf option for the standard BIND9 release.
> 
> You can put in a feature request at https://gitlab.isc.org/isc-projects/bind9,
> and if you submit a patch we'll look at it, but I don't think this is
> the right way to do this.  Why are you remapping to a blackholed
> address, instead of returning NXDOMAIN?
> 
> -- 
> Evan Hunt -- e...@isc.org
> Internet Systems Consortium, Inc.
> -- 
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
> this list
> 
> ISC funds the development of this software with paid support subscriptions. 
> Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users


Re: RPZ zone response delay time ?

2023-04-10 Thread Evan Hunt
On Fri, Apr 07, 2023 at 05:27:38PM +0100, Jason Vas Dias wrote:
>   I will put something like this as a patch into MY named, I just
>   wondered if there'd be any interest in adding such a
>   'DelayRPZResponse' NamedConf option for the standard BIND9 release.

You can put in a feature request at https://gitlab.isc.org/isc-projects/bind9,
and if you submit a patch we'll look at it, but I don't think this is
the right way to do this.  Why are you remapping to a blackholed
address, instead of returning NXDOMAIN?

-- 
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.


RPZ zone response delay time ?

2023-04-10 Thread Jason Vas Dias


Good day -

  I have converted the excellent hosts file at 
https://someonewhocares.org/hosts/
  to a Response Policy Zone (RPZ) file served by my
  local named that ends:

*.google-analytics.com A 0.0.0.0
*.clarity.ms A 0.0.0.0
*.adtelligent.com A 0.0.0.0

  (there are over 15,000 entries in it).

  This serves to speed up my internet accesses about 10 times,
  normally, and acts great as an ad+spyware site blocker,
  like a do-it-yourself RBL list.

  I create a static route at boot-up:

blackhole 0.0.0.0/8

  But I am finding that some modern sites like YouTube.com in particular
  have begun entering an infinite busy loop requesting content from the
  AdWare sites, until it succeeds (though it never will on my box),
  even if address 0.0.0.0 is returned by DNS .

  So now just playing a song on YouTube consumes about 800% CPU time,
  unless I am able to copy the Embed Link to an HTML file so as to
  avoid loading YouTube's JS libraries  (does not work for Ad-Ware
  augmented content).

  Please, could I request adding an artificial 
  "Delay All RPZ Zone Responses by N Microseconds"
  option ?

  I could then delay all my RPZ zone responses by say 6 seconds,
  this is enough time for them to time-out and will act as a throttle
  on evil JavaScript code such as that employed by YouTube.

  I will put something like this as a patch into MY named, I just
  wondered if there'd be any interest in adding such a
  'DelayRPZResponse' NamedConf option for the standard BIND9 release.

Thanks, Best Regards,
Jason Vas Dias
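
Evan Hunt's question in the reply above refers to the RPZ NXDOMAIN action, which a policy zone writes as `CNAME .`. The following added example (not code from the thread or from BIND) converts hosts-file lines into RPZ records with that action in place of the `A 0.0.0.0` remapping shown in the original post. The function names, SOA/NS values and sample input are assumptions made for illustration.

```python
import re

# RPZ policy actions: "CNAME ." makes named answer NXDOMAIN, "CNAME *." NODATA.
ACTIONS = {"nxdomain": "CNAME .", "nodata": "CNAME *.", "sinkhole": "A 0.0.0.0"}
SKIP = {"localhost", "localhost.localdomain", "broadcasthost", "local"}
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")

def parse_hosts(text):
    """Return the unique, valid hostnames from hosts-file text, in order."""
    seen, names = set(), []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:            # fields[0] is the address column
            name = name.lower().rstrip(".")
            labels = name.split(".")
            if name in SKIP or len(labels) < 2 or len(name) > 253:
                continue
            if all(LABEL.match(l) for l in labels) and name not in seen:
                seen.add(name)
                names.append(name)
    return names

def to_rpz(names, action="nxdomain", wildcard=True, serial=1):
    """Build RPZ zone-file text; owner names are relative to the zone origin."""
    rdata = ACTIONS[action]
    out = ["$TTL 300",
           f"@ SOA localhost. root.localhost. {serial} 3600 600 86400 300",
           "@ NS localhost."]
    for name in names:
        out.append(f"{name} {rdata}")
        if wildcard:                       # also cover subdomains, as in the post
            out.append(f"*.{name} {rdata}")
    return "\n".join(out) + "\n"

# Constructed sample input in hosts-file format (not taken from the real list).
SAMPLE = """\
127.0.0.1 localhost
# ad servers
127.0.0.1 google-analytics.com www.google-analytics.com
0.0.0.0 clarity.ms  # inline comment
0.0.0.0 bad_entry..example
0.0.0.0 CLARITY.MS
"""

if __name__ == "__main__":
    print(to_rpz(parse_hosts(SAMPLE)), end="")
```

Passing `action="sinkhole"` reproduces the `A 0.0.0.0` form from the original post, so both variants can be generated from the same list and compared.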
