Bind RPZ dnsfirewall howtos version 2 are here

Hans-Cees Speel hanscees at hanscees.com
Fri Aug 22 20:29:46 UTC 2014


Hi,

I have updated my 2 dnsfirewall howtos.
1. Dns firewall howto (POC setup bind dns firewall [caching dns (sec) 
resolver] with demonstration rpz zone)
2. Arming the dns firewall (added automatic download of open 
bad-domains lists daily, so you are protected against reported ip-ranges 
and domains)

As you on this list probably know, an ip-firewall can protect your users 
from scams and downloads in (email) or via links on webpages by blocking 
ranges of ip-addresses, domains or dns-servers.
It is essentially a web-filter, but also for other ports than only 80 
and 443 (i.e. port 53).

You can find the newest versions of the howtos here:
https://app.younited.com/?shareObject=6e808cfb-1640-d4b6-7d72-6d0bcbeb2e58

Among other things, I have added one line to the bind configuration so the 
bind version also resolves dnssec.
I have been using this rpz firewall for a few months now and it seems to 
be rock solid.

The version on ISC:
http://www.isc.org/wp-content/uploads/2014/05/dns-firewall-howto.pdf

is now obsolete.

Kind regards, Hans-Cees Speel (hanscees at hanscees.com)

* Owner of bomengids.nl <http://www.bomengids.nl> (follow on Twitter 
<http://twitter.com/bomengidsnl>)
* Linked-in profile Hans-Cees <http://nl.linkedin.com/in/hanscees>
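
The three kinds of block the message mentions (domains, ip-ranges, dns-servers) map onto RPZ owner-name forms. The following is an added example, not taken from the howtos or from ISC, that turns a downloaded list into an RPZ zone. The feed format (including the `ns:` prefix), the SOA values and the function names are assumptions, and IPv6 entries are reported as skipped.

```python
import ipaddress
import re

# Constructed sample feed, not a real blocklist.
SAMPLE_FEED = """\
# comment line
Bad-Domain.example.
192.0.2.0/24
198.51.100.7
ns:ns1.rogue-dns.example
2001:db8::/32
not a hostname!
"""

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def clean_name(text):
    """Return a lower-case relative host name, or None if it is not one."""
    name = text.strip().lower().rstrip(".")
    labels = name.split(".")
    # Single labels are refused so a bad feed line cannot block a whole TLD.
    if len(labels) < 2 or len(name) > 253 or not all(LABEL.match(l) for l in labels):
        return None
    return name

def rpz_records(entry):
    """Map one feed entry to RPZ records; 'CNAME .' makes BIND answer NXDOMAIN."""
    if entry.startswith("ns:"):          # assumed prefix: block by name server
        name = clean_name(entry[3:])
        return [f"{name}.rpz-nsdname CNAME ."] if name else []
    try:                                 # block by address found in the answer
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:                   # not an address: block by queried name
        name = clean_name(entry)
        return [f"{name} CNAME .", f"*.{name} CNAME ."] if name else []
    if net.version != 4:
        return []                        # IPv6 encoding is left out of this example
    octets = str(net.network_address).split(".")[::-1]
    return [f"{net.prefixlen}.{'.'.join(octets)}.rpz-ip CNAME ."]

def build_zone(feed, serial):
    """Return (zone_text, skipped_entries) for a feed with one entry per line."""
    lines = ["$TTL 300", f"@ SOA localhost. root.localhost. ({serial} 1h 15m 30d 2h)",
             "@ NS localhost."]
    skipped = []
    for raw in feed.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if entry:
            records = rpz_records(entry)
            # Entries that yield no record are kept for review, not dropped silently.
            (lines if records else skipped).extend(records or [entry])
    return "\n".join(lines) + "\n", skipped
```

Reviewing the skipped list before reloading the zone shows when a daily download has changed format or contains entries the converter cannot handle.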
