Page MenuHomeVyOS Platform
Create Task
Maniphest T2124

RPZ support in DNS forwarder for DNS Firewall
Open, NormalPublicFEATURE REQUEST
Actions

Description

Hello,
to provide DNS firewall capabilities we will need to add RPZ support to the DNS forwarder
https://doc.powerdns.com/recursor/lua-config/rpz.html

Details

Version
-
Is it a breaking change?
Perfectly compatible
Issue type
Feature (new functionality)

Event Timeline

syncer created this task.Mar 16 2020, 12:39 AM
syncer assigned this task to hagbard.
syncer triaged this task as Normal priority.
hagbard removed hagbard as the assignee of this task.Nov 14 2020, 3:13 PM
hagbard subscribed.
erkin set Issue type to Feature (new functionality).Aug 31 2021, 5:19 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Nov 6 2021, 11:25 AM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus (1.3.0).Aug 29 2022, 7:05 AM
tioan subscribed.Oct 16 2022, 12:59 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.3).Jul 12 2023, 9:43 PM
twan subscribed.Jul 16 2023, 9:52 AM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).Aug 25 2023, 9:30 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.6); removed VyOS 1.3 Equuleus (1.3.5).Dec 17 2023, 11:38 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.7); removed VyOS 1.3 Equuleus (1.3.6).Feb 10 2024, 9:18 AM
Viacheslav edited projects, added VyOS 1.5 Circinus; removed VyOS 1.3 Equuleus (1.3.7).Feb 12 2024, 9:16 AM
syncer edited projects, added VyOS Rolling; removed VyOS 1.5 Circinus.Oct 28 2024, 6:51 AM
himurae subscribed.EditedApr 1 2025, 5:48 PM

Response Policy Zone (RPZ)
It would be very very useful feature in VYOS
RPZ allows admins to easily block access to websites via DNS lookup. The lookup is done before the main communication which is based on IP addresses ( which can be blocked by IP Address Blocklists ). Usually the URLs of malicious websites do change much less often, compared to the IPs of them.

Response Policy Zone (RPZ) is a mechanism to define local policies in a standardized way and load those policies from external sources. This is done usually by application like PiHole ( running on device in the local network ). This addon allows this functionality as part of Powerdns
RPZ is a straightforward way to stop users from connecting to harmful sites like phishing pages or malware servers while keeping the network and its users safe with minimal fuss.

An easy to use allowlist is handy for avoiding issues when legitimate sites get flagged by mistake or need to stay accessible for business reasons.

pasik subscribed.Apr 1 2025, 8:00 PM
marvin subscribed.Apr 1 2025, 8:52 PM
indrajitr subscribed.Oct 8 2025, 6:22 PM