Is it possible to block resolution of a malware address?

Eivind Olsen eivind at aminor.no
Fri Apr 1 15:03:04 UTC 2011


> That is, if we know that a symbolic address is malign, is there some way to
> refuse to resolve it or change its resolution when an internal user asks for
> its resolution?

Two different ways of doing this:

- configure your BIND to believe it's authoritative for the address(es) in
question by configuring it as a zone

or, if you run a recent enough version of BIND:
- set up RPZ, it really is easy to implement (and has the advantage of
scaling nicely with multiple servers as well - configure the RPZ zone
somewhere and let normal zone transfers copy it to the other servers you
have as well)

Regards
Eivind Olsen
eivind at aminor.no
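
An added example, not part of the original message and not taken from the BIND distribution: a minimal RPZ setup (BIND 9.8 or later) of the kind the reply describes, with the policy zone held on one server and copied to a second resolver by ordinary zone transfer. The zone name, the 192.0.2.x addresses and the blocked names are constructed placeholders; the three sections are separate files.

```bind
// ---- named.conf on the server that holds the policy zone ----
options {
    // Rewrite answers to recursive clients according to this zone.
    response-policy { zone "rpz.internal.example"; };
};

zone "rpz.internal.example" {
    type master;
    file "db.rpz.internal.example";
    allow-query    { localhost; };    // clients have no need to read the policy
    allow-transfer { 192.0.2.53; };   // constructed address of the second resolver
    also-notify    { 192.0.2.53; };   // push changes instead of waiting for refresh
};

// ---- named.conf on each additional resolver ----
options {
    response-policy { zone "rpz.internal.example"; };
};

zone "rpz.internal.example" {
    type slave;
    masters { 192.0.2.1; };           // constructed address of the server above
    file "db.rpz.internal.example";
    allow-query { localhost; };
};

; ---- db.rpz.internal.example (zone file, comments start with ';') ----
$TTL 300
@   IN SOA localhost. hostmaster.localhost. (
        2011040101  ; serial: raise on every edit so the transfer happens
        3600        ; refresh
        600         ; retry
        604800      ; expire
        300 )       ; negative-caching TTL
    IN NS  localhost.

; Owner names are the blocked names, written relative to the policy zone.
malware.example      IN CNAME .            ; answer NXDOMAIN for the name itself
*.malware.example    IN CNAME .            ; and for every name beneath it
phish.example        IN A     192.0.2.80   ; or answer with an internal notice host
```

named-checkconf and named-checkzone can validate the files before reloading; after a reload, a query for a listed name through the resolver should return NXDOMAIN or the rewritten address.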





More information about the bind-users mailing list