Custom DNS Filtering Plugin in BIND 9
Michael De Roover
isc at nixmagic.com
Wed Mar 19 14:18:57 UTC 2025
On Wednesday, March 19, 2025 3:01:48 PM CET Bob McDonald wrote:
> Maybe I'm not understanding all the nuances of the stated goal but doesn't
> RPZ handle this?
Was my first thought as well, works fine for me.
In named.conf:
options {
    // RPZ zone
    // Source: https://deteque.com/m3aawg-bind-training/named.conf
    response-policy {
        zone "rpz.local";
    };
};

// Response Policy Zone
zone "rpz.local" {
    type primary;
    file "/path/to/rpz.local.db";
};
----
In rpz.local.db:
$TTL 300
@ IN SOA localhost. admin.localhost. (
        1      ; Serial number
        60     ; Refresh every minute
        60     ; Retry every minute
        43200  ; Expire in 5 days
        60 )   ; Negative cache TTL 1 minute
  IN NS LOCALHOST.

; Examples
example.net IN CNAME localhost.
----
Note that the public domain name records to be redirected via RPZ cannot have a trailing
dot.
--
Kind regards,
Michael De Roover
Mail: isc at nixmagic.com
Web: michael.de.roover.eu.org
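
The trailing-dot note above matters most when the policy zone is generated from a blocklist. The following is an added example, not part of the message or of BIND: a Python sketch that normalises entries into relative owner names and renders a zone file in the same shape as rpz.local.db. The function names, the wildcard option and the sample domains are assumptions made for illustration.

```python
import re

# One DNS label: 1-63 chars of a-z, 0-9, "_" or "-", not starting or ending with "-".
_LABEL = re.compile(r"(?!-)[a-z0-9_-]{1,63}(?<!-)")

# SOA/NS header with the same timer values as the zone file in the message above.
HEADER = """$TTL 300
@ IN SOA localhost. admin.localhost. (
        {serial} ; Serial number
        60       ; Refresh
        60       ; Retry
        43200    ; Expire
        60 )     ; Negative cache TTL
  IN NS localhost.
"""

def rpz_owner(domain, origin="rpz.local"):
    """Normalise a blocklist entry into a relative RPZ owner name."""
    name = domain.strip().lower().rstrip(".")  # drop the trailing dot
    if not name or not all(_LABEL.fullmatch(l) for l in name.split(".")):
        raise ValueError(f"not a valid domain name: {domain!r}")
    # named appends the origin, so the expanded trigger must still fit in 253 chars.
    if len(name) + 1 + len(origin) > 253:
        raise ValueError(f"too long once {origin} is appended: {domain!r}")
    return name

def render_rpz(domains, serial, target="localhost.", wildcard=False):
    """Return zone file text redirecting each domain to target via CNAME."""
    lines = HEADER.format(serial=serial).splitlines()
    seen = set()
    for entry in domains:
        owner = rpz_owner(entry)
        if owner in seen:  # skip duplicates such as "example.net" / "Example.NET."
            continue
        seen.add(owner)
        lines.append(f"{owner} IN CNAME {target}")
        if wildcard:  # a separate wildcard record is needed to cover subdomains
            lines.append(f"*.{owner} IN CNAME {target}")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Constructed sample input, not taken from the thread.
    print(render_rpz(["example.net.", "Example.NET", "ads.example.org"], serial=2, wildcard=True))
```

Increase the serial on every regeneration so that named picks up the change on reload.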