Jeff Chan wrote:
>> Was wondering if the trusted_networks could be "pluginized" to use
>> DNSEval so that one could query a dnswl (local or remote) - for bigger
>> setups it would probably make management simpler.
>
> One counterargument is that if the data are relatively static,
> i.e., not updated very often, then this could generate a lot of
> arguably unnecessary DNS traffic.

dnswl.org lookups are done by the standard ruleset anyway, thus a
DNSEval would not generate additional query traffic. Additionally,
there is a pretty long TTL on dnswl.org data records - currently
around 12 hours, which could even be extended to something like
18 hours.

-- 
Matthias