How to block part of a zone

Merijntje Tak bind-users at gallische-dorp.net
Wed Sep 17 10:32:36 UTC 2014


On 16-09-14 18:20, King, Harold Clyde (Hal) wrote:
> Resolve all traffic for example.com from example.com's dns servers, but
> stop badhost.example.com.
Ideally you would use RPZ records for this purpose. You can override
single records with another record. RPZ is only available in bind 9.8+.
An example:
--- Config:
options {
    response-policy { zone "rpz.int.mtak.nl"; };
};

zone "rpz.int.mtak.nl" {
    type master;
    file "/etc/bind/db/rpz.int.mtak.nl.zone";
    allow-transfer { slaves; };
};

--- Zone file:
$TTL 1H
@            IN    SOA  localhost. root.localhost.  (
                      2014072602   ; serial
                      3H  ; refresh
                      1H  ; retry
                      1W  ; expiry
                      1H) ; minimum
              IN    NS    localhost.

; Owner names are relative to the policy zone origin, so no trailing dot
; here. The CNAME target is rdata and is not rewritten by RPZ, so it must
; be absolute (trailing dot) or BIND appends rpz.int.mtak.nl to it.
badhost.example.com       IN CNAME    yourcompanywebsite.com.
; or alternatively
badhost.example.com       IN A             0.0.0.0

---
mtak
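Added example, not part of the original message and not BIND's own code: a small Python helper that writes a policy zone of the shape shown above. It takes the post's names (rpz.int.mtak.nl, badhost.example.com, yourcompanywebsite.com) and goes slightly beyond the post by also emitting the other standard RPZ actions (NXDOMAIN via "CNAME .", NODATA via "CNAME *.", exemption via "CNAME rpz-passthru."). The action keywords, the serial-bump rule and the constructed hostnames tracker.example.com and ok.example.com are this script's own assumptions. The point it makes that the post does not spell out: trigger names on the left are relative to the policy zone, but the CNAME target on the right is ordinary rdata and must be written absolute, or named will append the policy zone origin to it.

```python
"""Generate a BIND RPZ zone file of the kind shown in the post.

Hypothetical helper written for this page; not part of BIND or of the
original message.  Action keywords (nxdomain, nodata, redirect, sinkhole,
passthru) are this script's own names for the standard RPZ encodings.
"""
from datetime import date
from typing import Iterable, Optional, Tuple


def absolute(name: str) -> str:
    """Return name as a fully qualified name with a trailing dot."""
    return name if name.endswith(".") else name + "."


def relative(name: str) -> str:
    """Return name without a trailing dot (relative to the policy zone)."""
    return name.rstrip(".")


def rpz_record(qname: str, action: str, target: Optional[str] = None) -> str:
    """Build one RPZ policy record for qname.

    The owner name is written relative, so "badhost.example.com" becomes
    badhost.example.com.<policy zone> when the file is loaded.  Rdata is
    not rewritten by RPZ, so a CNAME target is forced absolute here;
    without the trailing dot BIND would append the policy zone origin.
    """
    owner = relative(qname)
    if action == "nxdomain":          # RPZ: CNAME .   -> answer NXDOMAIN
        rdata = "CNAME ."
    elif action == "nodata":          # RPZ: CNAME *.  -> answer NODATA
        rdata = "CNAME *."
    elif action == "redirect":        # as in the post: CNAME to a site
        if not target:
            raise ValueError("redirect needs a target name")
        rdata = "CNAME " + absolute(target)
    elif action == "sinkhole":        # as in the post: local A record
        rdata = "A " + (target or "0.0.0.0")
    elif action == "passthru":        # exempt this name from the policy
        rdata = "CNAME rpz-passthru."
    else:
        raise ValueError(f"unknown action {action!r}")
    return f"{owner:<40} IN {rdata}"


def bump_serial(previous: int, today: date) -> int:
    """Next YYYYMMDDnn serial (the scheme the post's 2014072602 uses).

    Same day: previous + 1.  Later day: today's date with nn = 00.
    Assumption of this script, not a BIND rule.
    """
    base = int(today.strftime("%Y%m%d")) * 100
    return max(previous + 1, base)


def rpz_zone(origin: str, serial: int,
             records: Iterable[Tuple[str, str, Optional[str]]]) -> str:
    """Return the full policy zone text: $TTL, SOA, NS, then the records."""
    lines = [
        f"$ORIGIN {absolute(origin)}",
        "$TTL 1H",
        "@            IN    SOA  localhost. root.localhost.  (",
        f"                      {serial}   ; serial",
        "                      3H  ; refresh",
        "                      1H  ; retry",
        "                      1W  ; expiry",
        "                      1H) ; minimum",
        "              IN    NS    localhost.",
        "",
    ]
    lines.extend(rpz_record(q, a, t) for q, a, t in records)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed policy: the post's badhost redirect plus two made-up names.
    policy = [
        ("badhost.example.com", "redirect", "yourcompanywebsite.com"),
        ("tracker.example.com", "sinkhole", None),   # constructed name
        ("ok.example.com", "passthru", None),        # constructed name
    ]
    serial = bump_serial(2014072602, date.today())
    print(rpz_zone("rpz.int.mtak.nl", serial, policy), end="")
```

Write the output to the file named in the zone stanza, run named-checkzone against it, and reload; then query the resolver for badhost.example.com and confirm the answer is the CNAME (or 0.0.0.0) rather than the real address.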