DNS Blackholing

Ray Van Dolson rvandolson at esri.com
Tue Dec 4 23:49:18 UTC 2012


On Tue, Dec 04, 2012 at 09:45:07AM +0000, Phil Mayers wrote:
> On 12/04/2012 02:44 AM, John Hascall wrote:
> >
> >We have found that RPZ works quite well for us.
> >We have 366825 names in our RPZ zone at present
> >and scaling thus far has been a non-issue.
> 
> Likewise. We have 675k entries in an RPZ zone, and performance is fine.
> 
> It's genuinely surprising how many hits we get on the "Badness" host
> (we rewrite the RPZ result to a CNAME aimed at an internal host)
> even from machines which are clean, with sensible users at the
> keyboard. There's a lot of slime on the internet that you can step
> in and track into the house...
> 
> It also amazes me how many people will install spyware in exchange
> for a web browser "search toolbar". Sigh...

Thanks, all.  Sounds like RPZ is the way to go.

Ray



More information about the bind-users mailing list