Bind RPZ dnsfirewall howto's version 2 are here
hanscees at hanscees.com
Fri Aug 22 20:29:46 UTC 2014
I have updated my 2 dnsfirewall howto's.
1. Dns firewall howto (POC setup bind dns firewall [caching dns (sec)
resolver] with demonstration rpz zone)
2. Arming the dns firewall (added automatical download of open
bad-domains lists daily, so you are protected against reported ip-ranges
As on this list you probably know, an ip-firewall can protect your users
from scams and downloads in (email) or via links on webpages by blocking
ranges of ip-addresses, domains or dns-servers.
It is essentially a web-filter, but also for other ports than only 80
and 443 (IE port 53).
You can find the newest versions of the howto's here:
Amongst others I have added one line in the bind configuration so the
bind version also resolves dnssec.
I have been using this rpz firewall for a few months now and it seems to
be rock solid.
The version on ISC:
is now obsolete.
Vriendelijke groet, Hans-Cees Speel (hanscees at hanscees.com)
* Eigenaar bomengids.nl <http://www.bomengids.nl> (volg twitter
* Linked-in profile Hans-Cees <http://nl.linkedin.com/in/hanscees>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bind-users