How to wall garden the malicious domain

Grant Taylor gtaylor at
Thu Apr 19 18:57:18 UTC 2018

On 04/18/2018 11:37 PM, Blason R wrote:
> I need to wall garden the malicious Domain request and instead route to 
> that server itself.

I assume that you are saying that you need to 1) filter malicious 
domains and 2) you want requests for them to be resolved to your (DNS?) 

> e.g. my DNS server IP is and would like to wall-garden the 
> request and provide the IP since I have 0.3 million domains 
> specifying IP in front of them would not be a good option.

What do you mean by "specifying IP in front of them would not be a good 
option"?  Are you saying that you don't want to have "$domain A" entries for all 300k domains?

Without doing anything, BIND will resolve the domains normally.  So you 
will need to do something to each of the domains to cause the RPZ to not 
resolve the domains normally.  This usually means that you will need to 
specify an alternate IP or CNAME for each and every one of them.  I 
don't see a way around this.

> Can you please suggest me the way to do that?

Please elaborate on what you are wanting to do and not do.

Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3982 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the bind-users mailing list