RPZ based on destination
Tomas S.
tomas.simonaitis at gmail.com
Mon Jul 4 08:53:07 UTC 2022
Hello,
we are implementing a recursive DNS service with multiple RPZ zones,
where the user can decide which policies to use by selecting one of multiple
DNS server IPs
(think Cloudflare 1.1.1.1 - default, 1.1.1.2 - with malware blocking,
1.1.1.3 - malware+adult blocking).
To implement this (in one server) one could run multiple unbound instances,
but the rpz: unbound configuration already supports tags; however, tags can
only be set by client source IP.
I'm thinking about adding one more access-control directive: like
access-control-tag, but for destination IP (let's say access-control-dest-tag).
Do you think it would be a reasonable approach?
Best Regards,
Tomas
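
For reference, the existing source-based tagging mentioned in the message looks like this in unbound.conf. This is an added example, not part of the original post; the tag names, zone names, file paths and client networks (documentation ranges) are assumptions chosen for illustration.

```conf
server:
    # RPZ processing requires the respip module ahead of the resolver modules.
    module-config: "respip validator iterator"

    # Tags must be declared before they can be referenced anywhere else.
    define-tag: "malware adult"

    # Constructed client networks (RFC 5737 documentation ranges).
    access-control: 192.0.2.0/24 allow      # default: no filtering
    access-control: 198.51.100.0/24 allow   # malware blocking
    access-control: 203.0.113.0/24 allow    # malware + adult blocking

    # Policy selection is keyed on the client's SOURCE address.
    # 192.0.2.0/24 gets no tag, so neither tagged RPZ below applies to it.
    access-control-tag: 198.51.100.0/24 "malware"
    access-control-tag: 203.0.113.0/24 "malware adult"

rpz:
    # Hypothetical zone name and path.
    name: "malware.rpz.example"
    zonefile: "/etc/unbound/rpz/malware.zone"
    # Applied only to clients carrying a matching tag.
    tags: "malware"

rpz:
    # Hypothetical zone name and path.
    name: "adult.rpz.example"
    zonefile: "/etc/unbound/rpz/adult.zone"
    tags: "adult"
```

An rpz: clause without a tags: line applies to every client, so each policy zone that should be optional needs its own tag. The configuration can be syntax-checked with unbound-checkconf before reloading.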
More information about the Unbound-users
mailing list