RPZ based on destination

Tomas S. tomas.simonaitis at gmail.com
Mon Jul 4 08:53:07 UTC 2022


We are implementing a recursive DNS service with multiple RPZ zones, where the user can decide which policies to use by selecting one of multiple DNS server IPs (think Cloudflare - default, - with malware blocking, - malware+adult blocking).

To implement this (in one server) one could run multiple unbound instances, but the rpz: unbound configuration already supports tags; however, tags can only be set by client source IP.

I'm thinking about adding one more access-control directive: like but for destination IP (let's say access-control-dest-tag).

Do you think it would be a reasonable approach?

Best Regards,
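
For reference, the source-IP tagging that the message describes looks like this in unbound.conf. This is an added example, not configuration from the original post; the addresses (RFC 5737 documentation ranges), tag names, zone names and file paths are constructed placeholders.

```conf
# Added illustration: RPZ policy selection by client SOURCE address.
# All addresses, tag names, zone names and paths are constructed.
server:
    # RPZ needs the respip module in front of the resolver modules.
    module-config: "respip validator iterator"

    # One instance listening on several service addresses.
    interface: 192.0.2.1    # intended: no filtering
    interface: 192.0.2.2    # intended: malware blocking
    interface: 192.0.2.3    # intended: malware + adult blocking

    access-control: 198.51.100.0/24 allow
    access-control: 203.0.113.0/24 allow

    # Tags must be declared before they are used.
    define-tag: "malware adult"

    # Tags are bound to the client's netblock. Nothing here keys on
    # which of the three interfaces above received the query, so a
    # client in 198.51.100.0/24 gets the "malware" policy whichever
    # service address it sends to.
    access-control-tag: 198.51.100.0/24 "malware"
    access-control-tag: 203.0.113.0/24 "malware adult"

rpz:
    name: malware.rpz.example
    zonefile: /etc/unbound/malware.rpz
    # Applied only to clients carrying a matching tag.
    tags: "malware"

rpz:
    name: adult.rpz.example
    zonefile: /etc/unbound/adult.rpz
    tags: "adult"
```

An rpz: clause with no tags: line applies to every client, so each policy zone in a per-tier setup needs an explicit tag list.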


More information about the Unbound-users mailing list