RPZ configuration examples

Jan-Piet Mens jpmens.dns at gmail.com
Mon Nov 21 14:44:37 UTC 2011

It seems as though you haven't followed some of the advice given you on
this list -- you'll have to do a bit more reading. Nevertheless:

> 1. How frequently DNS server will download the malware domain database

That depends on how frequently the RPZ provider publishes updates to the
zone. RPZ zones are normal master files: they are transferred with AXFR
and/or IXFR.

> 2. From where DNS server downloads the malware domains .. is it from SURBL webiste?

BIND slaves RPZ zones from the RPZ provider's servers. If you intend using this
one, then yes, from SURBL.

> 3. How to whitelist list of official/customer domains from RPZ query
> so that in case customer domain is listed in RPZ , business will not
> be affected?

If you followed the link in the article you mentioned [usual disclaimers
apply] you'll certainly have read that it is indeed possible to
whitelist domains in RPZ, but you'll need the as yet unrealeased BIND
9.9 code to do that.


More information about the bind-users mailing list