
BIND RPZ vs unbound dns firewall

Chris Buijs edited this page Jan 11, 2018 · 8 revisions

This is not a bake-off, just a sketch of how the two compare on usability and requirements.

unbound-dns-firewall:

  • Uses Unbound, one of the best DNS engines out there.
  • Fast, small memory footprint, did I say fast?
  • Checks queries before they go out, so a blocked name never generates upstream DNS traffic
  • Lists simpler to maintain (and provided in this repo)
  • Load-times blazing fast, even if lists contain huge amounts of entries
  • Better, more understandable logging
  • Easier to modify (python script/module)
  • Regular expressions supported where needed (at the cost of more complex lists)
  • Lot of public lists on github/etc usable
  • Python, just cool.

BIND RPZ:

  • RPZ zones can be transferred using standard DNS AXFR/IXFR
  • Not the fastest DNS engine in the world
  • RPZ zone syntax and configuration are quite complex
  • Logging cumbersome.
  • RPZ adds to load-times.
  • IP addresses/CIDR ranges supported (as rpz-ip triggers matched against answer addresses)
  • No regexp
  • No extra tools/scripts/etc needed (could be a con as well)
  • No real public/free lists available in RPZ (most of them paid/subscribe)
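
As an added example (not code from unbound-dns-firewall or from BIND), the Python below shows the two models side by side: a blocklist with plain names, `regex:` entries and CIDR ranges is matched against the question at query time, the way a filter that runs before recursion does, and the same list is then exported as an RPZ zone so the RPZ syntax for the same policy is visible. The sample list, the `regex:` prefix and the zone name `rpz.example` are constructed for this example and are not the repo's list format.

```python
import ipaddress
import re

# Constructed sample list (not one of the repo's lists). One entry per line:
#   name            -> block the name and everything below it
#   regex:<pattern> -> Python regular expression matched against the query name
#   a.b.c.d/len     -> block any answer carrying an address in this IPv4 range
SAMPLE_LIST = """
# ads and trackers
ads.example.com
tracker.example.net.
regex:^(www\\.)?malware[0-9]+\\.example\\.org$
# sinkhole ranges
10.0.0.0/8
192.0.2.0/24
"""


class BlockList:
    def __init__(self, text):
        self.domains = set()
        self.regexes = []
        self.networks = []
        for raw in text.splitlines():
            line = raw.split("#", 1)[0].strip()
            if not line:
                continue
            if line.lower().startswith("regex:"):
                self.regexes.append(re.compile(line[len("regex:"):]))
            elif "/" in line:
                self.networks.append(ipaddress.ip_network(line, strict=False))
            else:
                self.domains.add(line.lower().rstrip("."))

    def match_name(self, qname):
        """Return the entry that blocks qname, or None.

        This is the check a query-time filter applies to the question before
        any recursion, so a hit never produces upstream DNS traffic.
        """
        name = qname.lower().rstrip(".")
        labels = name.split(".")
        # Walk up the tree: cdn.ads.example.com -> ads.example.com -> example.com -> com
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.domains:
                return candidate
        for rx in self.regexes:
            if rx.search(name):
                return "regex:" + rx.pattern
        return None

    def match_ip(self, address):
        """Return the network that blocks an answer address, or None."""
        ip = ipaddress.ip_address(address)
        for net in self.networks:
            if ip in net:
                return str(net)
        return None

    def to_rpz(self, origin="rpz.example"):
        """Export the list as an RPZ zone (zone name rpz.example is hypothetical).

        RPZ expresses policy as DNS records: 'CNAME .' means answer NXDOMAIN
        ('CNAME *.' would mean NODATA). IPv4 ranges become rpz-ip triggers
        written as <prefixlen>.<octets reversed>.rpz-ip. Regex entries have no
        RPZ equivalent and are emitted as a zone-file comment only.
        """
        lines = [
            f"$ORIGIN {origin}.",
            "$TTL 300",
            "@ SOA localhost. root.localhost. 1 3600 600 86400 300",
            "@ NS localhost.",
        ]
        for name in sorted(self.domains):
            lines.append(f"{name} CNAME .")     # the name itself
            lines.append(f"*.{name} CNAME .")   # and every name below it
        for net in self.networks:
            if net.version != 4:
                lines.append(f"; IPv6 range {net} not converted in this example")
                continue
            reversed_octets = ".".join(reversed(str(net.network_address).split(".")))
            lines.append(f"{net.prefixlen}.{reversed_octets}.rpz-ip CNAME .")
        for rx in self.regexes:
            lines.append(f"; no RPZ equivalent for regex entry: {rx.pattern}")
        return "\n".join(lines) + "\n"


if __name__ == "__main__":
    bl = BlockList(SAMPLE_LIST)
    for q in ("cdn.ads.example.com.", "example.com.", "www.malware7.example.org."):
        print(f"{q:32} -> {bl.match_name(q)}")
    print(bl.to_rpz())
```

The exported zone is what BIND would load and reference with `response-policy { zone "rpz.example"; };` in `options`; the `match_name`/`match_ip` checks are the kind of logic an Unbound python module runs on the incoming query from its `operate()` hook. Note what gets lost in the export: the regex entry has no RPZ form and ends up as a comment, while the CIDR entries survive as rpz-ip triggers.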