> -----Original Message-----
> From: DNSOP [mailto:dnsop-boun...@ietf.org] On Behalf Of Vernon Schryver
>
> > From: "Woodworth, John R" <john.woodwo...@centurylink.com>
>
> > > One could make $GENERATE more efficient without actually
> > > implementing the BULK RR, by taking your pattern matching logic and
> > > implementing it
> > ...
>
> > This would still be a vendor-hack (bind) and not a standard.
>

Hi Vernon,

Thank you for your question.

>
> The examples I've noticed in this thread look similar to RPZ patterns,
> although perhaps I've missed examples that do not fit the RPZ mold.
>
> RPZ is not exactly a standard and certainly not without controversy,
> but it is documented and available for more than BIND.
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-dns-rpz/
>

I'm no expert on RPZ (and am certainly not a coauthor for it ;) ) but
my understanding is it is a policy driven blackhole list.

After scanning through the link you provided I am now a true RPZ fan.

That said, I do not believe it will help solve our problem.

Our goal is to expand on $GENERATE and make its *intent* survive
AXFR's with the end result being indistinguishable from that of a
$GENERATE.


Thanks,
John
>
> RPZ is officially only for recursive resolvers, but that is because
> superficially it makes little sense for an authority to rewrite its
> own response.  However, RPZ works on authorities (masters) in at
> least BIND.
>
> Could RPZ be a partial solution to the problem that the BULK RR
> would solve?
>
> I agree that a statement of the problems solved by the BULK RR
> would be good.
>
>
> Vernon Schryver    v...@rhyolite.com
>
-- THESE ARE THE DROIDS TO WHOM I REFER:
This communication is the property of CenturyLink and may contain confidential 
or privileged information. Unauthorized use of this communication is strictly 
prohibited and may be unlawful. If you have received this communication in 
error, please immediately notify the sender by reply e-mail and destroy all 
copies of the communication and any attachments.


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to