Bug 13978 - RPZ: Implement fetching zones
Status: MODIFIED
Alias: None
Product: IPFire
Classification: Unclassified
Component: ---
Version: 2
Hardware: unspecified Unspecified
Assignee: Michael Tremer
QA Contact: Stefan Schantl
URL:
Keywords:
Depends on:
Blocks: KRESD
Reported: 2026-05-18 17:25 UTC by Michael Tremer
Modified: 2026-05-21 18:44 UTC
Description Michael Tremer 2026-05-18 17:25:12 UTC
Since kresd cannot fetch any RPZ zones automatically, we need to build a process that will do it instead.

I have built an experimental tool that uses the libraries that BIND provides to fetch the zones and can store them in files:

> https://git.ipfire.org/?p=zone-sync.git;a=summary

This tool will have to be integrated and validated that it works well.
Comment 1 Michael Tremer 2026-05-19 16:45:33 UTC
The tool has now been packaged for IPFire:

> https://git.ipfire.org/?p=people/ms/ipfire-2.x.git;a=commitdiff;h=f53c3c20a670f4ec998a4fc565b2ff0701fd0bc3

A script extracts the RPZs that will need to be synced and still has to be called from time to time:

> https://git.ipfire.org/?p=people/ms/ipfire-2.x.git;a=commitdiff;h=c638f2fac8057f9daad2e4f1aeec5b6c94a0a7cd
Comment 2 Michael Tremer 2026-05-21 18:44:23 UTC
RPZs are now loaded by the policy-loader and shared across multiple worker processes:

> https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=config/knot-resolver/config.lua;h=d594c88eb569b8668809230c6ab1307183c9514b;hb=refs/heads/next#l407