Load zone files from *tp://

[spirillen]

• Program: Authoritative, Recursor
• Issue type: Feature request

Short description

Sorry @Habbie but as this would be two issues where the second would be a true copy of the first, I dare to merge this as one....

Just as in unbound have full support for zone files hosted over any ftp,http,https,*tp.

       url: <url to zonefile>
              Where  to download a zonefile for the zone.  With http or https.
              An  example  for  the   url   is   "http://www.example.com/exam-
              ple.org.zone".   Multiple  url statements can be given, they are
              tried in turn.  If only urls are given the SOA refresh timer  is
              used  to  wait  for  making  new downloads.  If also masters are
              listed, the masters are first probed with UDP SOA queries to see
              if  the  SOA  serial  number has changed, reducing the number of
              downloads.  If none of the urls work, the masters are tried with
              IXFR  and AXFR.  For https, the tls-cert-bundle and the hostname
              from the url are used to authenticate the connection.

Usecase

See among others #9061 and https://www.mypdns.org/w/rpzunbound/#setup-response-policy-zone

In short make it simple to load a zone which is only available over any *tp://protocol for either AUTH or RPZ zones.

Description

[Habbie]

Sorry @Habbie but as this would be two issues where the second would be a true copy of the first, I dare to merge this as one....

Because it's a feature request for two products, I get it, no worries :)

I do see that if we only did this in auth, it would already cover the use case, as the Recursor can then XFR from the auth.

[spirillen]

Wouldn't it be a bit overkill to install PDNS as backend to Recursor for "only" feeding the recursor with a couple of zones? like rpz.urlhaus.abuse.ch?

[omoerbeek]

Recursors has this for ZoneToCache, but not for RPZs.