How to implement DNS RPZ with Domain Based Reputation Data
blason16 at gmail.com
Sun Apr 29 03:14:20 UTC 2018
Oh I see.. I thought this a kind of feature of BIND.
I got it now.
On Sun, Apr 29, 2018 at 8:38 AM, Mukund Sivaraman <muks at isc.org> wrote:
> On Sun, Apr 29, 2018 at 08:27:34AM +0530, Blason R wrote:
> > Hi Team,
> > Can someone please confirm if below stuff I found pertaining to BIND can
> > implemented with DNS RPZ? If yes can someone please point me to the
> > appropriate document?
> > Domain Based Reputational Data
> > With the release of BIND 9.8.1 a *new* reputational mechanism is
> > this time for use by DNS resolvers. An organisation is able to receive a
> > reputational data feed describing internet domains that have a 'poor'
> > reputation. A poor reputation is usually based on the delivery of
> > or other forms of nefarious internet activity.
> > The ISC have provided an efficient standardised mechanism for the use of
> > reputational data by recursive DNS resolvers and have left the provision
> > the reputational data itself to professional organisations that
> > in this type of information. Additionally, the response that shall be
> > to a client attempting to resolve a domain which is listed amongst those
> > with a 'poor' reputation is left to the local organisation to decide.
> This is basically RPZ. "reputational data feed" is basically a response
> policy zone. There are feed providers such as Spamhaus, Farsight
> Security, etc. E.g., see this:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bind-users