Data exfiltration using DNS RPZ

Sten Carlsen stenc at
Sun Jun 17 16:44:28 UTC 2018

Interesting, the Dnssec records with their by definition random and
large content seems to be the most interesting vehicle, at least at
first sight.

Will e.g. the google DNS server or any other resolver deliver and fetch
this data? At the moment I can't think of any reason it should not do so.

To really block this, I think you would need to actually verify the
correctness of the data.

On 17-06-2018 08.43, Blason R wrote:
> Hi Team,
> Can someone please guide if DNS exfiltration techniques can be
> identified using DNS RPZ? Or do I need to install any other third
> party tool like IDS to identify the the DNS beacon channels.
> Has anyone used DNS RPZ to block/detect data exfiltration?
> _______________________________________________
> Please visit to unsubscribe from this list
> bind-users mailing list
> bind-users at

Best regards

Sten Carlsen

No improvements come from shouting:


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list