Whitelisting domains filtered by RPZ

dns at todoo.biz
Mon May 30 10:38:12 UTC 2022


Hello Unbound fellow users, 


We are setting up large-scale filtering based on unbound + RPZ domain lists.
We will have 68 lists sorted by themes, allowing one to have powerful RPZ filtering.

Some of our themes contain more than 268 MB of FQDNs…

Among these FQDNs there are possibly some false positives, or some domains that our user base would like to filter out of these lists (in the first place).


What would be the advised way to exclude / whitelist a domain from RPZ filtering?


We have for example:


> rpz:
> 	name: "blog.rpz.domain"
> 	zonefile: "blog.rpz.domain"
> 	primary: 18.16.99.8
> 	rpz-log: yes
> 	rpz-log-name: "blog-rpz-domain"
> 	tags: "blog_test"


In the rpz list "twitter.com" is listed and filtered.


Would adding this statement allow "twitter.com" not to be filtered?

> local-zone: "*.twitter.com" always_transparent



My goal is that the "always_transparent" statement takes precedence over any other config statement (and more particularly over the rpz block).

If you have other suggestions, please let me know.


Sincerely yours. 
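
For the false-positive hunt described in the message above, an added example (not part of the original post and not an Unbound feature) that scans RPZ zone data for the QNAME triggers covering names one wants to allow. The sample zone is constructed, and one record per line with an explicit owner name is an assumption about the file layout.

```python
# Added example: list the RPZ QNAME triggers that cover allowlisted names.
# Standard RPZ policy actions, encoded as the CNAME target of a record.
ACTIONS = {".": "NXDOMAIN", "*.": "NODATA", "rpz-passthru.": "PASSTHRU",
           "rpz-drop.": "DROP", "rpz-tcp-only.": "TCP-ONLY"}

def parse_rpz(text, origin):
    """Return (trigger, action) pairs for QNAME-trigger records in zone text."""
    origin = origin.lower().rstrip(".")
    records = []
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop comments, tokenize
        if len(fields) < 3 or fields[0].startswith("$") or fields[0] == "@":
            continue
        owner, i = fields[0].lower(), 1
        while i < len(fields) - 2 and (fields[i].isdigit() or fields[i].upper() == "IN"):
            i += 1  # skip optional TTL and class
        rtype, rdata = fields[i].upper(), fields[i + 1].lower()
        if owner.endswith("."):  # absolute owner: make it relative to origin
            owner = owner[:-1]
            if owner.endswith("." + origin):
                owner = owner[: -len(origin) - 1]
        if rtype in ("SOA", "NS") or owner == origin:
            continue
        if owner.rsplit(".", 1)[-1].startswith("rpz-"):
            continue  # rpz-ip, rpz-nsdname, ...: not QNAME triggers
        action = ACTIONS.get(rdata, "LOCAL-DATA") if rtype == "CNAME" else "LOCAL-DATA"
        records.append((owner, action))
    return records

def covers(trigger, qname):
    """RPZ wildcard triggers match subdomains only, never the bare name."""
    if trigger.startswith("*."):
        return qname.endswith(trigger[1:])
    return qname == trigger

def covering(text, origin, allowlist):
    """Return (name, trigger, action) for every record hitting an allowed name."""
    hits = []
    for name in (n.lower().rstrip(".") for n in allowlist):
        hits += [(name, t, a) for t, a in parse_rpz(text, origin) if covers(t, name)]
    return hits

# Constructed sample in the style of an RPZ zone file (not real list data).
SAMPLE_ZONE = """\
$TTL 300
@ IN SOA localhost. admin.localhost. 1 3600 600 86400 300
twitter.com CNAME .
*.twitter.com 300 IN CNAME .
nottwitter.com.blog.rpz.domain. CNAME *.
32.1.2.0.192.rpz-ip CNAME rpz-drop.
"""
```

Running `covering()` over each of the themed lists shows which zones and which records (exact or wildcard) would need an exception for a given name.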
