<html>
<head></head>
<body>
<div dir="ltr">
If that's how it worked then it was indeed an error. That was not Farsight's goal or my understanding. In any case RPZ no longer needs special code from anywhere and I share your joy about that.
</div><br>
<div dir="ltr">
p vixie
</div><br>
<div class="bx-html">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<div class="bx-body">
<div class="quote">
On Aug 21, 2024 00:55, Ondřej Surý <ondrej@isc.org> wrote:<br type="attribution">
<blockquote class="quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
No, it didn’t work with any policy. The feature required librpz.so that was a binary blob provided to Farsight customers. It was wrong to accept this code into BIND 9 in the first place. BIND 9 already had working RPZ implementation and the effort would be better spent on improving RPZ for everyone.
<div>
<br>
</div>
<div>
Ondrej<br id="lineBreakAtBeginningOfSignature">
<div dir="ltr">
<div>
--
</div>Ondřej Surý — ISC (He/Him)
<div>
<br>
</div>
<div>
My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
</div>
</div>
<div dir="ltr">
<br>
<blockquote type="cite">
On 21. 8. 2024, at 9:26, Paul Vixie <paul@redbarn.org> wrote:<br><br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
It worked with any policy source not just Farsight. However, is no longer necessary since isc now has a native RPZ implementation. Thanks for that.
</div><br>
<div dir="ltr">
p vixie
</div><br>
<div class="bx-html">
<div class="bx-body">
<div class="quote">
On Aug 20, 2024 23:55, Ondřej Surý <ondrej@isc.org> wrote:<br type="attribution">
<blockquote class="quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<p dir="ltr">Hello,</p>
<p dir="ltr">In line with ISC's deprecation policy, I am notifying the mailing list<br>
of our intent to remove support for Response-Policy Server support.</p>
<p dir="ltr">Back in 2018, Farsight Security[1] contributed a patch to BIND that was<br>
an optional replacement to our native RPZ implementation. At that time,<br>
our RPZ implementation wasn’t scaling very well, and we accepted<br>
the patch. This patch, however, only worked with Farsight’s own RPZ<br>
service, so its utility is limited to Farsight customers. We do not think<br>
this patch really belongs in open source BIND 9 version. Removing the<br>
feature that has limited user-base will allow us to improve the RPZ<br>
(Response-Policy Zones) feature that's native to BIND 9 and available<br>
to all BIND 9 users.</p>
<p dir="ltr">The feature is called DNSRPS, or the Response Policy Server. Farsight<br>
called it “FastRPZ”, but in the ARM it is called the Response Policy Server[2].</p>
<p dir="ltr">The support for DNSRPS/FastRPZ will be deprecated as of BIND 9.20<br>
and removed in BIND 9.21/9.22.</p>
<p dir="ltr">1. Since then Farsight Security has been acquired by DomainTools.<br>
2. https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-dnsrps-enable.</p>
<p dir="ltr">Cheers,<br>
--<br>
Ondřej Surý (He/Him)<br>
ondrej@isc.org</p>
<p dir="ltr">My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.</p>
<p dir="ltr">-- <br>
bind-announce mailing list<br>
bind-announce@lists.isc.org<br>
https://lists.isc.org/mailman/listinfo/bind-announce<br></p>
</blockquote>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</div>
</body>
</html>