| Summary: | RPZ: Implement fetching zones | ||
|---|---|---|---|
| Product: | IPFire | Reporter: | Michael Tremer <michael.tremer> |
| Component: | --- | Assignee: | Michael Tremer <michael.tremer> |
| Status: | MODIFIED --- | QA Contact: | Stefan Schantl <stefan.schantl> |
| Severity: | - Unknown - | ||
| Priority: | - Unknown - | ||
| Version: | 2 | ||
| Hardware: | unspecified | ||
| OS: | Unspecified | ||
| Bug Depends on: | |||
| Bug Blocks: | 13972 | ||
The tool has now been packaged for IPFire: > https://git.ipfire.org/?p=people/ms/ipfire-2.x.git;a=commitdiff;h=f53c3c20a670f4ec998a4fc565b2ff0701fd0bc3 A script extracts the RPZs that will need to be synced and still has to be called from time to time: > https://git.ipfire.org/?p=people/ms/ipfire-2.x.git;a=commitdiff;h=c638f2fac8057f9daad2e4f1aeec5b6c94a0a7cd RPZs are now loaded by the policy-loader and shared across multiple worker processes:
> https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=config/knot-resolver/config.lua;h=d594c88eb569b8668809230c6ab1307183c9514b;hb=refs/heads/next#l407
|
Since kresd cannot fetch any RPZ zones automatically, we need to build a process that will do it instead. I have built an experimental tool that uses the libraries that BIND provides to fetch the zones and can store them in files: > https://git.ipfire.org/?p=zone-sync.git;a=summary This tool will have to be integrated and validated that it works well.