Abstract
Administrators of DNS resolvers with large internet service providers often have multiple inputs for managing the response policy, ranging from legal filters to commercial recommendations from various sources. The open source DNS TAPIR Policy Processor (POP) is a new tool for managing this – both with static inputs and with dynamic rulesets which can be updated over an MQTT message bus. These features are used in the DNS TAPIR platform, but POP can be used as a stand-alone service to simplify administration of the input data streams that influence response policy setup.
- POP is a service that feeds the resolver with policy settings, typically by providing an RPZ zone that can be imported as such in the resolver configuration.
- It can handle multiple input sources via different means (static files in different formats, RPZ streams, MQTT).
- A very simplistic policy language describes the logic for selecting what's being sent as instructions to the resolver in the form of an outgoing RPZ.
- The code is open source, and available on Github.
- The policy language could benefit from more discussion by more people.
Recording
Video will be added soon.
Speaker
Lars-Johan Liman
Lars-Johan Liman, M.Sc., Senior Systems Specialist at Netnod in Stockholm, is a long-term DNS geek, having operated DNS for more than 35 years. His is responsible for the operations of i.root-servers.net, Netnod's anycast service operated from ~100 sites. He is a beardless grey beard in the DNS business, and is involved in the DNS corners of RIPE, IETF, ICANN, DNS-OARC, CENTR, and more. His primary interests are operational technologies and the area where technology meets policy, and he is very strict with the distinction between the DNS as a technical system, and domain names as identifiers.
Rate this talk
Rating will open: Monday, 18 May 2026 09:00 (+0100).