How reliable is RPZ in production? I'm seeing flakiness in testing.

Phil Mayers p.mayers at imperial.ac.uk
Wed Jan 7 10:58:13 UTC 2015


On 06/01/15 22:52, Anne Bennett wrote:

> I don't know what to make of this; it looks as though the
> technology is several years old, and my experience with ISC
> bind is usually excellent.  Has anyone else encountered this
> type of flakiness?

No, but we're not using client-ip RPZ, just qname-based blacklists.

I've had a couple of occurrences of runaway CPU use triggered by a large 
RPZ AXFR, but no-one seems to believe me when I bring it up here, so 
I've stopped bothering :o/

But we certainly haven't see the kind of sporadic issue you describe. It 
might be that the client-ip stuff is newer?

Not sure how you'd debug it.


More information about the bind-users mailing list