Local rpz ban list format

Peter van Dijk peter.van.dijk at powerdns.com
Wed May 12 11:54:57 UTC 2021

On Sun, 2021-04-11 at 19:37 +0000, Paul Vixie via Unbound-users wrote:
> in BIND, a zone must have an SOA and an NS or loading will fail, and so
> the RPZ specification calls for these elements. while it's unknown to me
> whether Unbound has the same requirement, i suggest you keep your RPZ's
> in a portable form, and thus, that you include these elements.
> $TTL is unnecessary. the TTL of records in an RPZ is not relevant

The TTL of records in an RPZ might affect caching on a client, or an
intermediate forwarder, for 'positive' responses.

MIN(SOA TTL, SOA MINIMUM) might affect caching on a client/forwarder if
an RPZ trigger causes a negative response that includes an SOA.

Kind regards,
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/

More information about the Unbound-users mailing list