Hi All,
Just wondering how you guys are ingesting RPZ feeds into Knot Resolver.
While Knot doesn't natively support zone transfers at this time, it
can import the zone files, and then kick the zone if the file changes,
so that's what I'm doing.
I'm doing the zone transfers (10 zones from ioc2rpz) using BIND for
now, and then writing the zone files to storage that Knot Resolver can
read.
I know that dns4eu uses Knot Resolver for their protective recursor
service, so I'd be curious to know how they're doing this.
Could be that they're using a custom version of Knot that's zone
transfer capable.
For context, I run Knot Resolver behind dnsdist, and they're
complementary, offering huge flexibility.
Would be great to see rpz-passthru support in the BIND format too
(forgive me if that's already possible) so that a traditional
white-list-first tiered approach can be followed.
(Super impressed with Knot Resolver, so hats off to all at CZ).
Cheers,
GC
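
The file-based setup described in the message above, sketched as a Knot Resolver 5.x Lua configuration. This is an added example, not the poster's configuration: the directory and file names are hypothetical, and it assumes BIND writes each transferred zone as a text-format zone file.

```lua
-- Added example for Knot Resolver 5.x (kresd.conf); not the poster's config.
-- Assumption: a BIND secondary transfers each RPZ zone and writes it to
-- rpz_dir. BIND stores secondary zones in raw (binary) format by default,
-- so each zone needs "masterfile-format text;" on the BIND side for the
-- file to be readable here.

-- Hypothetical directory shared between BIND (writer) and kresd (reader).
local rpz_dir = '/var/lib/knot-resolver/rpz/'

-- Constructed file names standing in for the transferred zones.
local rpz_files = {
    'feed-a.rpz',
    'feed-b.rpz',
}

for _, name in ipairs(rpz_files) do
    -- policy.rpz(action, path, watch): with watch = true, kresd re-reads
    -- the rules when the file on disk changes, so a fresh transfer written
    -- by BIND is picked up without restarting the resolver.
    policy.add(policy.rpz(policy.DENY, rpz_dir .. name, true))
end
```

Rules are evaluated in the order they are added, so the order of `rpz_files` decides which feed wins when a name appears in more than one.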