Questions tagged [rpz]

Questions specific to the Response Policy Zones (RPZ) feature offered by modern DNS servers / resolvers.

Domain Name Service Response Policy Zones (DNS RPZ) is a mechanism for use by Domain Name System recursive resolvers that allows customised handling of the resolution of collections of domain name information (zones).

Administrators can take advantage of this feature to overlay custom information on top of the global DNS and provide alternate responses to queries.

It is currently implemented in the ISC BIND nameserver (9.8 or later). Another generic name for the DNS RPZ functionality is "DNS firewall".

8 questions
5 votes, 1 answer

Configure BIND as Forwarder only (no root hints), encrypted + RPZ blacklist / whitelist all together

My setup is getting more complex. Generally I tend to divide things into pieces and assemble them together by myself. But it seems this time I need more help to get the whole gears working together. That's why I was requested by user @Rui F Ribeiro to…
user3450548
5 votes, 1 answer

DNS server for blacklisting tons of domains and also some TLDs

I'm trying to set up a basic DNS server for my LAN that is able to put in a nullroute or 127.0.0.1 lots of domains. The domains I want to block come from a list but I also want to block some domains using regular expressions (this is a must for my…
user3450548
3 votes, 2 answers

Bind RPZ no effect with Views

I have a DNS server which has two views, one for internal users and one for external (internet for example). I want to configure RPZ so that when internal users request (external recursive queries will be denied anyway) a sample website, they will be…
Shahriar
1 vote, 0 answers

ISC BIND 9.16.7 - Is it possible to limit forwarder traffic to a specific network interface?

Situation: A Linux box with two physical network interfaces (say eth0 for LAN and eth1 for WAN). Box acts as a router and IPTables firewall, too. Furthermore, an XFRM-Interface (say 'vpn') is there (VPN channel with strongSwan established via WAN…
0 votes, 0 answers

Bind9 how to use RPZ zone for specific subnets

I already have 1 master (192.168.130.32), 4 slaves (192.168.130.35) and 2 authoritative (192.168.130.33) servers with bind9. My point is to get RPZ (192.168.130.37) from external DNS servers, but I want to split this configuration for example: I have two…
robotiaga
0 votes, 0 answers

Best practice to accept RPZ in Bind9

I am currently managing DNS servers using bind9. I have a Master server that serves as the control node for four slave servers and two authoritative servers. I am interested in implementing remote Response Policy Zone (RPZ) from an external DNS…
robotiaga
0 votes, 1 answer

Bind with RPZ broke domain forwarding?

I wanted to take my existing internal DNS Bind servers and add some RPZ security. Previously I had split DNS with my internal view set to forward 3 specific domains to my office's internal DNS servers. zone "company.tld" IN { type…
0 votes, 1 answer

Bind RPZ config with domains of various levels

I use RPZ to blacklist some domains and my configuration looks like: *.com A 127.0.0.1 mydomain.net A 127.0.0.1 If I query a whatever domain .com it works correctly, giving me 127.0.0.1. Let's dig fun.com @localhost, my reply will be: ;; ANSWER…
user3450548