Bind RPZ dnsfirewall howto's version 2 are here

Hans-Cees Speel hanscees at
Fri Aug 22 20:29:46 UTC 2014


I have updated my 2 dnsfirewall howto's.
1. DNS firewall howto (POC setup: bind dns firewall [caching dns (sec) 
resolver] with demonstration rpz zone)
2. Arming the dns firewall (added automatic daily download of open 
bad-domains lists, so you are protected against reported ip-ranges 
and domains)

As you on this list probably know, an ip-firewall can protect your users 
from scams and downloads in (email) or via links on webpages by blocking 
ranges of ip-addresses, domains or dns-servers.
It is essentially a web-filter, but also for ports other than only 80 
and 443 (i.e. port 53).

You can find the newest versions of the howto's here:

Among other things, I have added one line to the bind configuration so 
this bind version also resolves dnssec.
I have been using this rpz firewall for a few months now and it seems to 
be rock solid.

The version on ISC:

is now obsolete.

Kind regards, Hans-Cees Speel (hanscees at

* Owner <> (follow twitter 
* Linked-in profile Hans-Cees <>


More information about the bind-users mailing list