Hi,
Thank you for your reply.
Ad 1) The purpose of the ipset rules is to unlock an application by a certain provider who isn’t abele to give a list of fixed IP-Addresses to unlock for access, but gives out domain names that need to be looked up (so all subdomains under a specific domain can be contacted and need to be unlocked.
I’m not a big fan of this and consider it bad practice by the Software vendor, but unfortunately, I cannot change it.
Microsoft is also using this scheme, unfortunately, to allow access to its MS Office Activation servers only by unlocking a list of domains and they recently started to block MS Office with an unlimited license after 6 months of usage if license servers cannot be contacted within this period. I didn’t unlock all the Microsoft Domains using this technique, as I consider it as being too risky, as this may over time unlock the whole Azure cloud if they keep changings IPs constantly, but it serves as a good example for this bad practice of Software companies.
Ad 2) Unbound: doc/README.ipset.md | Fossies
unbound/ipset/ipset.c at master · NLnetLabs/unbound · GitHub
Best regards