RPZ help on BIND

babu dheen babudheen at yahoo.co.in
Thu Jan 2 10:47:40 UTC 2014


Dear All,

 Kindly help me on my requirement.

Regards
Papdheen M





On Sunday, 29 December 2013 12:13 PM, babu dheen <babudheen at yahoo.co.in> wrote:
 
Thanks Chris. Actually I am using latest version of BIND in RPM format downloaded from RHN. I just need to configure RPZ with customized blackhole IP address (manually defined) for domain accessing malware domain.

Regards
Babu





On Saturday, 28 December 2013 11:12 PM, Chris Buxton <clists at buxtonfamily.us> wrote:
 
Babu Dheen,

The stanza you quoted will get you the zone. It appears to be correct syntax. If you’re using views, put this inside a view; otherwise, put it at the global level.

It will not create a response policy based on the zone. You have to do that yourself. Examples are in the BIND v9 Administrator Reference Manual, assuming your copy of the ARM is up to date and you’re using a relatively recent version of BIND.

The file ‘dbx.rpz.spamhaus.org' will contain a copy of the response policy zone. Again, configuring named to use this as the basis for a response policy requires extra configuration. I don’t know the purpose of this RPZ, so I can’t give you the exact syntax. Perhaps someone from Spamhaus can help you with that.

I don’t have enough context to answer your question about a whitelist. Perhaps someone else can help you with that.

Regards,
Chris Buxton

On Dec 23, 2013, at 5:11 AM, babu dheen <babudheen at yahoo.co.in> wrote:

Dear All,
>
>
> My BIND DNS server is authorized to use spamhaus RPZ service and spamhaus 
official team requested me to paste below configuration line in 
/etc/named.conf file. Since i am new to RPZ and BIND, kindly help me to 
enable this feature.
>
>
>
>
>
>zone "rpz.spamhaus.org" {
>  type slave;
>  file "dbx.rpz.spamhaus.org";
>   masters { 199.168.90.51; 199.168.90.52; 199.168.90.53; };
>  allow-transfer { none; };
>   allow-query { none; };
>};
>
>
>
>My question is:
>
>
>1. If i paste the above line alone in /etc/named.conf file will work?
>
>
>2. What will be the content of dbx.rpz.spamhaus.org file ?
>
>
>3. How to maintain the local whitelist policy?
>
>
>
>
>Regards
>Babudheen_______________________________________________
>Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
>bind-users mailing list
>bind-users at lists.isc.org
>https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20140102/5c3ac5c2/attachment.html>


More information about the bind-users mailing list