Whitelisting sites using RPZ

Blason R blason16 at gmail.com
Thu Apr 26 04:31:58 UTC 2018

Hi team,

In RPZ since we can build up to 32 zones can I create blacklist and
whitelist policies like this?

response-policy { zone "malware.trap"; zone "whitelist.allow"  policy
passthru; };

zone "malware.trap" {
        type master;
        file "/etc/bind/malware.trap.db";

zone "whitelist.allow" {
        type master;
        file "/etc/bind/whitelist.allow.db";

So which one will take precendence in this case? let say www.google.com
mistakenly entered in malware.trap zone and *.google.com is allowed in
whitelist.allow as rpz-passthru?

BTW first not sure if such configuration can be possible?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20180426/81a5dd2d/attachment.html>

More information about the bind-users mailing list