<div dir="ltr">And would you please share your Options para for response-zone 

<span style="color:rgb(34,34,34);font-family:"Courier New";font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">rpz.zone.</span><wbr style="color:rgb(34,34,34);font-family:"Courier New";font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><span style="color:rgb(34,34,34);font-family:"Courier New";font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">db</span>

<div><br></div><div><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Apr 17, 2018 at 5:43 PM, Philippe Maechler <span dir="ltr"><<a href="mailto:pmaechler-ml@glattnet.ch" target="_blank">pmaechler-ml@glattnet.ch</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="DE-CH" link="blue" vlink="purple"><div class="m_-7450340389656449765WordSection1"><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB">Hello blason<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB"><u></u> <u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB">I'm not an RPZ expert, but we have a running RPZ configuration<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB"><u></u> <u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB">From named.conf<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB"><u></u> <u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB" style="font-family:"Courier New"">zone "rpz.zone" {<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB" style="font-family:"Courier New"">        type    master;<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB" style="font-family:"Courier New"">        file    "/etc/namedb/master/rpz.zone.<wbr>db";<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB" style="font-family:"Courier New"">        allow-query     { localhost; };<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB" style="font-family:"Courier New"">        allow-transfer  { <a href="http://192.168.3.0/24" target="_blank">192.168.3.0/24</a>; };<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB" 
style="font-family:"Courier New"">};<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB"><u></u> <u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB">And inside the rpz.zone.db we have:<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span style="font-family:"Courier New"">$TTL 3600<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span style="font-family:"Courier New"">@       IN SOA rpz.zone. rpz.zone. (<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span style="font-family:"Courier New"">       2017100903;<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span style="font-family:"Courier New"">       3600;<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span style="font-family:"Courier New"">       300;<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span style="font-family:"Courier New"">       86400;<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span style="font-family:"Courier New"">       60 )<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span style="font-family:"Courier New"">       IN      NS      localhost.<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span style="font-family:"Courier New""><u></u> <u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB" style="font-family:"Courier New"">; Malware Domains, NXDOMAIN as a reply<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB" style="font-family:"Courier New"">;<a href="http://crayumm.com" target="_blank">crayumm.com</a>                  <wbr>  IN      CNAME   .<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB" style="font-family:"Courier New"">;*.<a href="http://crayumm.com" target="_blank">crayumm.com</a>                <wbr>  IN    
  CNAME   .<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB" style="font-family:"Courier New""><u></u> <u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB" style="font-family:"Courier New"">; phishing sites<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB" style="font-family:"Courier New""><a href="http://baddomain.com" target="_blank">baddomain.com</a> CNAME .<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB" style="font-family:"Courier New""><a href="http://malwaredomain.com" target="_blank">malwaredomain.com</a> CNAME .<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB" style="font-family:"Courier New""><a href="http://uglydomain.com" target="_blank">uglydomain.com</a> CNAME .<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB" style="font-family:"Courier New""><a href="http://otherbaddomain.com" target="_blank">otherbaddomain.com</a> CNAME .<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB" style="font-family:"Courier New""><u></u> <u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB" style="font-family:"Courier New"">; and so on<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB"><u></u> <u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB">This way you don’t increase the size of the named.conf. 
You only have one RPZ zone and an entry for all “bad” domains inside it<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB"><u></u> <u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB">I recommend to enable the logging for the RPZ category in named.conf<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB" style="font-family:"Courier New"">logging {<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB" style="font-family:"Courier New"">  channel rpz_log {<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB" style="font-family:"Courier New"">    file "/var/named/var/log/rpz.log" versions 3 size 20m;<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB" style="font-family:"Courier New"">    print-time yes;<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB" style="font-family:"Courier New"">    print-category yes;<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB" style="font-family:"Courier New"">  };<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB" style="font-family:"Courier New"">  category rpz  { rpz_log; syslog_server; };<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB">    ….<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB">};<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB"><u></u> <u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB">HTH<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB"><u></u> <u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB">Philippe<u></u><u></u></span></p><p 
class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB"><u></u> <u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB">-----Original Message-----<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB">From: bind-users [mailto:<a href="mailto:bind-users-bounces@lists.isc.org" target="_blank">bind-users-bounces@<wbr>lists.isc.org</a>] On Behalf Of blason16<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB">Sent: Tuesday, April 17, 2018 11:49 AM<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB">To: <a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><u></u><u></u></span></p><span class=""><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB">Subject: Re: Queries related to RPZ<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB"><u></u> <u></u></span></p></span><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB">OK - I resolved the issue now the query I had was how to use tens or<u></u><u></u></span></p><span class=""><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB">thousands of zones with DNS RPZ? 
Will it not increase named.conf file<u></u><u></u></span></p><p class="m_-7450340389656449765MsoPlainText"><span lang="EN-GB">size?Can someone please suggest other way?<u></u><u></u></span></p></span></div></div></blockquote></div><br></div></div>
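Added example, not part of the original thread or of BIND itself: one way to keep a single RPZ zone with thousands of entries, as described in the quoted reply, is to generate `rpz.zone.db` from a plain domain list. The function names, the sample feed and the serial value are constructed for illustration; the SOA layout and the `CNAME .` (NXDOMAIN) policy records follow the zone file quoted above.

```python
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def parse_feed(text):
    """Yield candidate names from a list with '#' comments and blank lines."""
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            yield entry

def normalize(name, origin="rpz.zone"):
    """Lower-case and validate a name; return None if it must be skipped."""
    name = name.lower().rstrip(".")
    labels = name.split(".")
    if len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
        return None
    # The owner is relative, so "*." + name + "." + origin must fit in 253.
    if len(name) + len(origin) + 3 > 253:
        return None
    return name

def build_rpz_zone(domains, serial, origin="rpz.zone", wildcard=True):
    """Return (zone_text, names): one NXDOMAIN policy (CNAME .) per name."""
    names = sorted({n for n in (normalize(d, origin) for d in domains) if n})
    out = ["$TTL 3600",
           f"@       IN SOA {origin}. {origin}. (",
           f"       {serial};", "       3600;", "       300;",
           "       86400;", "       60 )",
           "       IN      NS      localhost.", ""]
    for n in names:
        out.append(f"{n} CNAME .")
        if wildcard:                      # also cover every subdomain
            out.append(f"*.{n} CNAME .")
    return "\n".join(out) + "\n", names

# Constructed sample feed (not from the thread).
FEED = """\
baddomain.com
BadDomain.com.        # duplicate, different case and trailing dot
malwaredomain.com
not a domain
-bad-.example
"""

if __name__ == "__main__":
    zone, names = build_rpz_zone(parse_feed(FEED), serial=2018041701)
    print(zone)
```

The generated zone only rewrites answers once the `options` block references it with `response-policy { zone "rpz.zone"; };`, and the serial has to increase on every regeneration so that secondaries transfer the new list.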