Authority and forwarding, but not recursion/iteration

Marki bind-users at
Tue Mar 16 22:51:46 UTC 2021

On 3/13/2021 12:11 AM, Tony Finch wrote:
> Marki <bind-users at> wrote:
>> But if you need granular filtering, that could become a lot of views...
> Yes, I think RPZ is really designed to be a ban hammer for dealing with
> abuse, rather than a general-purpose access control mechanism. If you need
> to get really fancy then you should look at dnsdist which can be
> programmed in Lua.
> Tony.

Just posting this to give everyone my conclusions and how this turned out.

Standard DNS server software (not only Bind) does not provide for easy 
whitelist filtering, only blacklists seem to be "en vogue". Like 
trusting nearly everyone, except, oh well, what did they teach in 
security class? Never mind, we're currently rolling out dnsdist.

@Tony Your feedback has been very to the point, knowledgeable and 
fruitful. If you've got an Amazon wishlist (almost wrote whitelist lol) 
let me know :D

More information about the bind-users mailing list