AXFR / IXFR secure zone transfer

dns at dns at
Fri Nov 25 09:03:24 UTC 2022


Thank you for your fantastic job with RPZ, we will soon disclose an interesting implementation of your work in an Open Source firewall. 

I was wondering if using TSIG or equivalent secure zone transfer was somewhere on your roadmap? 

We have these large scale RPZ zones of ours and would like to avoid having the whole earth downloading them randomly. 
So we have seen that there is the possibility to do HTTPS zone transfer, but we will lose the advantages of IXFR (which for zones with millions of record is a huge advantage). 

Thanks for taking time to read this and comment if possible. 

Sincerely yours. 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: LOGO_OCTOPUS_90.png
Type: image/png
Size: 4732 bytes
Desc: not available
URL: <>

More information about the Unbound-users mailing list