RPZ based on destination
tomas.simonaitis at gmail.com
Mon Jul 4 08:53:07 UTC 2022
We are implementing a recursive DNS service with multiple RPZ zones,
where the user can decide which policies to use by selecting one of multiple
DNS server IPs
(think Cloudflare 18.104.22.168 - default, 22.214.171.124 - with malware blocking,
126.96.36.199 - malware+adult blocking).
To implement this (on one server) one could run multiple unbound instances,
but the rpz: unbound configuration already supports tags; however, tags can
only be set by client source IP.
I'm thinking about adding one more access-control directive: like
but for destination IP (let's say access-control-dest-tag).
Do you think it would be a reasonable approach?
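
For reference, the source-IP tagging that the message says unbound already supports looks like the following. This is an added example, not part of the original post or the Unbound project's own configuration. The client subnets, zone names and zonefile paths are constructed placeholders; the proposed access-control-dest-tag is not used because it is only a suggestion in the message.

```conf
# unbound.conf: one instance, three policy tiers chosen by CLIENT SOURCE address.
# Subnets (RFC 5737 documentation ranges), zone names and paths are constructed.
server:
    # respip must be loaded for rpz: clauses to take effect
    module-config: "respip validator iterator"

    # Tags have to be declared before they can be referenced
    define-tag: "malware adult"

    # Tier 1 (default): resolution allowed, no tags, so no tagged RPZ applies
    access-control: 192.0.2.0/24 allow

    # Tier 2: malware blocking only
    access-control: 198.51.100.0/24 allow
    access-control-tag: 198.51.100.0/24 "malware"

    # Tier 3: malware + adult blocking
    access-control: 203.0.113.0/24 allow
    access-control-tag: 203.0.113.0/24 "malware adult"

rpz:
    name: "malware.rpz.example"
    zonefile: "/etc/unbound/rpz/malware.rpz.example.zone"
    # Policies from this zone apply only to clients carrying the malware tag
    tags: "malware"

rpz:
    name: "adult.rpz.example"
    zonefile: "/etc/unbound/rpz/adult.rpz.example.zone"
    # Policies from this zone apply only to clients carrying the adult tag
    tags: "adult"
```

Every tier here is keyed on where the query comes from. Nothing in this configuration can select a policy by which of the server's own addresses the query was sent to, which is the gap the message describes.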