How reliable is RPZ in production? I'm seeing flakiness in testing.
Phil Mayers
p.mayers at imperial.ac.uk
Wed Jan 7 10:58:13 UTC 2015
On 06/01/15 22:52, Anne Bennett wrote:
> I don't know what to make of this; it looks as though the
> technology is several years old, and my experience with ISC
> bind is usually excellent. Has anyone else encountered this
> type of flakiness?
No, but we're not using client-ip RPZ, just qname-based blacklists.
I've had a couple of occurrences of runaway CPU use triggered by a large
RPZ AXFR, but no-one seems to believe me when I bring it up here, so
I've stopped bothering :o/
But we certainly haven't see the kind of sporadic issue you describe. It
might be that the client-ip stuff is newer?
Not sure how you'd debug it.
More information about the bind-users
mailing list