# redis-timeout: 100
# Response Policy Zones
-# RPZ policies. Applied in order of configuration. QNAME trigger is the only
-# supported trigger. Supported actions are: NXDOMAIN, NODATA, PASSTHRU, DROP and
-# Local Data. Policy can be loaded from file or using zone transfer.
+# RPZ policies. Applied in order of configuration. QNAME and Response IP
+# Address trigger are the only supported triggers. Supported actions are:
+# NXDOMAIN, NODATA, PASSTHRU, DROP and Local Data. Polices can be loaded from
+# file or using zone transfer. The respip module needs to be added to the
+# module-config, e.g.: module-config: "respip validator iterator".
# rpz:
# name: "rpz.example.com"
# zonefile: "rpz.example.com"
.LP
Response Policy Zones are configured with \fBrpz:\fR, and each one must have a
\fBname:\fR. There can be multiple ones, by listing multiple rpz clauses, each
-with a different name. RPZ clauses are applied in order of configuration.
+with a different name. RPZ clauses are applied in order of configuration. The
+\fBrespip\fR module needs to be added to the \fBmodule-config\fR, e.g.:
+\fBmodule-config: "respip validator itarator"\fR.
.P
-Only the QNAME trigger is supported. The supported RPZ actions are: NXDOMAIN,
-NODATA, PASSTHRU, DROP and Local Data. RPZ QNAME triggers are applied after
+Only the QNAME and Response IP Address triggers are supported. The supported RPZ
+actions are: NXDOMAIN, NODATA, PASSTHRU, DROP and Local Data. RPZ QNAME triggers
+are applied after
\fBlocal-zones\fR and before \fBauth-zones\fR.
.TP
.B name: \fI<zone name>
projects / thirdparty / unbound.git / commitdiff
