Hello.
On 03/02/2026 19.22, Giles Crawford wrote:
> Just wondering how you guys are ingesting RPZ feeds into Knot Resolver.
> While Knot doesn't natively support zone transfers at this time, it
> can import the zone files, and then kick the zone if the file changes,
> so that's what I'm doing.
Some automation for obtaining RPZs is certainly among the features we
would like to add.
> I'm doing the zone transfers (10 zones from ioc2rpz) using BIND for
> now, and then writing the zone files to storage that Knot Resolver can
> read.
It's possible to run

    kdig @server AXFR zone.name > some file

or the same with dig or another tool, and run that on a timer.
Sometimes such simplicity suffices, e.g. if the RPZ is small or
doesn't need to update often.
> Would be great to see rpz-passthru support in the BIND format too
> (forgive me if that's already possible) so that a traditional
> white-list-first tiered approach can be followed.
We have code for that outside the master branch and releases already,
but I'm not sure about details, i.e. what behavior is mostly expected on
conflicting rules, CNAMEs, etc. (I do know that the RPZ draft does
specify this, but...)
> (Super impressed with Knot resolver, so hats off to all at CZ).
Thanks :-)
--Vladimir
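The kdig-on-a-timer approach from the reply above, fleshed out as an added example (my own script, not code from the thread or from the Knot Resolver project): it pulls the zone by AXFR into a temporary file in the target directory, rejects an incomplete transfer (a full AXFR starts and ends with the zone's SOA, so a truncated one must not replace a good file), and renames the new file over the old one only when the content actually changed, so a file watcher sees an atomic change and is not poked for identical data. The server address, zone name and directory are placeholders, and the transfer is wrapped in an `axfr` shell function so it can be swapped for canned output when testing.

```shell
#!/bin/sh
# Added example, not from the mailing-list post or the Knot Resolver code base.
# Fetch an RPZ by AXFR and atomically replace the file the resolver watches,
# but only when the transfer is complete and the content changed.
set -eu

RPZ_SERVER="${RPZ_SERVER:-192.0.2.53}"            # assumption: host serving the RPZ (e.g. BIND/ioc2rpz)
RPZ_ZONE="${RPZ_ZONE:-rpz.example}"               # assumption: zone name
RPZ_DIR="${RPZ_DIR:-/var/lib/knot-resolver/rpz}"  # assumption: directory the resolver reads

# The network step, isolated in a function so it can be replaced for offline testing.
axfr() {
    kdig "@$RPZ_SERVER" AXFR "$RPZ_ZONE"
}

# A complete AXFR begins and ends with the zone SOA; anything else is truncated or
# an error response. kdig prints records as: name ttl class type rdata; ';' lines
# are comments, which the zone-file parser ignores as well.
rpz_transfer_ok() {
    awk '
        /^;/ || /^[[:space:]]*$/ { next }
        { if (first == "") first = $4; last = $4; n++ }
        END { if (n >= 2 && first == "SOA" && last == "SOA") exit 0; exit 1 }
    ' "$1"
}

# update_rpz DEST
#   0: DEST replaced with new content
#   1: transfer failed or incomplete, DEST untouched
#   2: transfer identical to DEST, nothing written (no reload triggered)
update_rpz() {
    dest=$1
    # Temp file in the same directory so the final rename is atomic (same filesystem).
    tmp=$(mktemp "${dest}.XXXXXX")
    if ! axfr > "$tmp" || ! rpz_transfer_ok "$tmp"; then
        rm -f "$tmp"
        echo "AXFR of $RPZ_ZONE failed or incomplete; keeping previous $dest" >&2
        return 1
    fi
    if [ -f "$dest" ] && cmp -s "$tmp" "$dest"; then
        rm -f "$tmp"
        return 2
    fi
    chmod 0644 "$tmp"
    mv -f "$tmp" "$dest"   # single rename: a watcher never sees a half-written file
    return 0
}

# Invoke from cron or a systemd timer as: rpz-pull.sh pull
case "${1:-}" in
    pull) update_rpz "$RPZ_DIR/$RPZ_ZONE.rpz" || [ $? -eq 2 ] ;;
esac
```

Point the resolver at `$RPZ_DIR/$RPZ_ZONE.rpz` with its RPZ policy rule and let its file-change reload (the "kick" mentioned in the thread) pick up the renamed file; because an unchanged transfer is discarded before the rename, the reload only fires when the feed really moved. One zone per timer run keeps a failure in one ioc2rpz feed from blocking updates of the others.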