Queries related to RPZ

Blason R blason16 at gmail.com
Tue Apr 17 12:23:30 UTC 2018


And would you please share your Options para for response-zone rpz.zone.db?



On Tue, Apr 17, 2018 at 5:43 PM, Philippe Maechler <pmaechler-ml at glattnet.ch> wrote:

> Hello blason
>
> I'm not an RPZ expert, but we have a running RPZ configuration.
>
> From named.conf:
>
> zone "rpz.zone" {
>         type    master;
>         file    "/etc/namedb/master/rpz.zone.db";
>         allow-query     { localhost; };
>         allow-transfer  { 192.168.3.0/24; };
> };
>
> And inside the rpz.zone.db we have:
>
> $TTL 3600
> @       IN SOA rpz.zone. rpz.zone. (
>        2017100903 ; serial
>        3600       ; refresh
>        300        ; retry
>        86400      ; expire
>        60 )       ; negative-cache TTL
>        IN      NS      localhost.
>
> ; Malware Domains, NXDOMAIN as a reply
> ;crayumm.com                    IN      CNAME   .
> ;*.crayumm.com                  IN      CNAME   .
>
> ; phishing sites
> baddomain.com CNAME .
> malwaredomain.com CNAME .
> uglydomain.com CNAME .
> otherbaddomain.com CNAME .
>
> ; and so on
>
> This way you don't increase the size of the named.conf. You only have one
> RPZ zone and an entry for all "bad" domains inside it.
>
> I recommend enabling logging for the RPZ category in named.conf:
>
> logging {
>   channel rpz_log {
>     file "/var/named/var/log/rpz.log" versions 3 size 20m;
>     print-time yes;
>     print-category yes;
>   };
>   category rpz  { rpz_log; syslog_server; };
>     ….
> };
>
> HTH
>
> Philippe
>
> -----Original Message-----
> From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of
> blason16
> Sent: Tuesday, April 17, 2018 11:49 AM
> To: bind-users at lists.isc.org
> Subject: Re: Queries related to RPZ
>
> OK - I resolved the issue now the query I had was how to use tens or
> thousands of zones with DNS RPZ? Will it not increase named.conf file
> size? Can someone please suggest other way?
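As an added example (not code from this thread), a small Python script that builds a single rpz.zone.db of the shape shown in the reply above from a plain domain list, so the blocklist can grow to thousands of entries without touching named.conf; the sample list, origin and serial are constructed here, and malformed entries are reported rather than silently written into the zone.

```python
"""Generate one BIND RPZ zone file (CNAME . => NXDOMAIN) from a domain list.
Added example; the blocklist, origin and serial below are constructed."""
import re
from datetime import date

# Constructed sample blocklist: comments, blank lines, mixed case, a wildcard
# entry, a duplicate and one malformed line.
BLOCKLIST = """
# phishing
baddomain.com
malwaredomain.com
*.uglydomain.com
otherbaddomain.com
BadDomain.COM
not a domain!
"""

# One DNS label: 1-63 chars of [a-z0-9-], not starting or ending with '-'.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def normalize(name):
    """Lowercase, strip a trailing dot, keep an optional leading '*.' wildcard.
    Returns None for anything that is not a syntactically valid owner name."""
    name = name.strip().lower().rstrip(".")
    wild = name.startswith("*.")
    host = name[2:] if wild else name
    labels = host.split(".")
    if len(labels) < 2 or not all(LABEL_RE.match(lab) for lab in labels):
        return None
    return ("*." if wild else "") + host

def rpz_zone(domains, origin="rpz.zone", serial=None, ttl=3600):
    """Return (zone_text, rejected_lines). Serial defaults to YYYYMMDD01."""
    serial = serial or int(date.today().strftime("%Y%m%d") + "01")
    lines = [f"$TTL {ttl}",
             f"@ IN SOA {origin}. {origin}. ( {serial} 3600 300 86400 60 )",
             "  IN NS localhost.",
             "; NXDOMAIN rewrite: CNAME to the root"]
    seen, rejected = set(), []
    for raw in domains:
        raw = raw.strip()
        if not raw or raw[0] in "#;":
            continue                      # skip comments and blank lines
        d = normalize(raw)
        if d is None:
            rejected.append(raw)          # never emit a broken record
        elif d not in seen:
            seen.add(d)                   # dedupe after normalisation
            lines.append(f"{d} CNAME .")
    return "\n".join(lines) + "\n", rejected
```

Feed the generated text to named-checkzone before reloading the zone, and bump the serial on every regeneration so secondaries in allow-transfer pick up the change.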