<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">Sorry for the confusion. I thought that you had access to the RPZ feeds. You cannot trigger an RPZ rule by the recursion bit. </div><div class="">You should contact your DNS provider and ask them, instead of NXDOMAIN, to provide you a different response which can be used to trigger RPZ on your BIND (e.g. an unused IP), or even better just send you a redirect to the WG page.</div><div class=""><br class=""></div>Vadim<br class=""><div><blockquote type="cite" class=""><div class="">On 04 Aug 2018, at 09:42, Felipe Arturo Polanco <<a href="mailto:felipeapolanco@gmail.com" class="">felipeapolanco@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="auto" class=""><div class="">Hi Vadim,<div dir="auto" class=""><br class=""></div><div dir="auto" class="">Thanks for the response.</div><div dir="auto" class=""><br class=""></div><div dir="auto" class="">How will that zone policy differentiate between responses with the 'recursion available' bit set and unset? </div><div dir="auto" class=""><br class=""></div><div dir="auto" class="">I do not have the list of malware sites; the DNS provider does not share it. </div><div dir="auto" class=""><br class=""></div><div dir="auto" class="">Also I'm no expert with BIND, so pardon any outside question. </div><br class=""><br class=""><div class="gmail_quote"><div dir="ltr" class="">On Sat, Aug 4, 2018, 12:27 PM Vadim Pavlov <<a href="mailto:pvm_job@mail.ru" class="">pvm_job@mail.ru</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word" class=""><div class="">Hi Felipe,</div><div class=""><br class=""></div><div class="">You do need to do that. 
You may configure a redirect action at the zone level. Just add "policy cname domain".</div><div class=""><br class=""></div><div class=""><pre class="m_-5723055048092055957programlisting" style="font-variant-ligatures:normal;background-color:rgb(255,255,255)"> [ <span class="m_-5723055048092055957command"><strong class="">response-policy {</strong></span>
<span class="m_-5723055048092055957command"><strong class="">zone</strong></span> <em class="m_-5723055048092055957replaceable">zone_name</em>
[ <span class="m_-5723055048092055957command"><strong class="">policy</strong></span> ( given | disabled | passthru | drop |
tcp-only | nxdomain | nodata | cname <em class="m_-5723055048092055957replaceable">domain</em> ) ]
[ <span class="m_-5723055048092055957command"><strong class="">recursive-only</strong></span> <em class="m_-5723055048092055957replaceable">yes_or_no</em> ]
[ <span class="m_-5723055048092055957command"><strong class="">max-policy-ttl</strong></span> <em class="m_-5723055048092055957replaceable">number</em> ] ;
...
<span class="m_-5723055048092055957command"><strong class="">}</strong></span></pre><div class=""><br class=""></div></div><div class="">E.g. </div><div class="">response-policy { zone "badlist" policy cname <a href="http://www.wgarden.com/" target="_blank" rel="noreferrer" class="">www.wgarden.com</a>; };</div><div class=""><br class=""></div><div class="">BR,</div><div class="">Vadim</div><div class=""><blockquote type="cite" class=""><div class="">On 04 Aug 2018, at 06:52, Felipe Arturo Polanco <<a href="mailto:felipeapolanco@gmail.com" target="_blank" rel="noreferrer" class="">felipeapolanco@gmail.com</a>> wrote:</div><br class="m_-5723055048092055957Apple-interchange-newline"><div class=""><div dir="ltr" class="">Hi,<div class=""><br class=""></div><div class="">I have a question regarding BIND and its RPZ functionality.</div><div class=""><br class=""></div><div class="">We are using a DNS provider that blocks malware by returning an NXDOMAIN response whenever a match is found.</div><div class=""><br class=""></div><div class="">The way they differentiate between real non-existent websites and malware sites is by turning off the 'recursion available' bit in the NXDOMAIN response; non-existent sites do have this bit turned on.</div><div class=""><br class=""></div><div class="">Is there a way to match this flag in an RPZ policy to redirect the malware sites' response to a walled garden website while not matching real non-existent websites?</div><div class=""><br class=""></div><div class="">Thanks,</div></div>
_______________________________________________<br class="">Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank" rel="noreferrer" class="">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br class=""><br class="">bind-users mailing list<br class=""><a href="mailto:bind-users@lists.isc.org" target="_blank" rel="noreferrer" class="">bind-users@lists.isc.org</a><br class=""><a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank" rel="noreferrer" class="">https://lists.isc.org/mailman/listinfo/bind-users</a><br class=""></div></blockquote></div><br class=""></div></blockquote></div></div></div>
</div></blockquote></div><br class=""></body></html>
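The thread's suggested fix, a "policy cname" redirect on an RPZ zone, needs two pieces that the message only sketches: the response-policy stanza in named.conf and an RPZ zone file whose QNAME triggers list the names to redirect. The POSIX shell script below is an added example written for this page, not code from the thread or from ISC; the zone name "badlist", the walled-garden target "walled-garden.example", the zone file path and the blocked names are constructed placeholders. It also makes the distinction Felipe asked about explicit: the only "recursion" knob RPZ offers is "recursive-only", which looks at the RD bit of the incoming query, not at the RA bit of an upstream NXDOMAIN.

```shell
#!/bin/sh
# Added example (not from the thread): builds the two pieces a BIND RPZ
# "cname" redirect needs, a named.conf response-policy stanza and an RPZ
# zone file with QNAME triggers. Zone name "badlist", target
# "walled-garden.example", the file path and the blocked names are all
# constructed placeholders.

# Print the named.conf fragment. "policy cname" on the zone overrides
# whatever action the zone data carries; "recursive-only yes" limits the
# zone to queries that arrive with the RD bit set (it says nothing about
# the RA bit of an upstream answer). allow-query { none; } keeps clients
# from reading the policy zone directly.
rpz_named_conf() {
  zone="$1"; target="$2"; file="$3"
  printf 'response-policy { zone "%s" policy cname %s recursive-only yes; };\n' "$zone" "$target"
  printf 'zone "%s" { type master; file "%s"; allow-query { none; }; };\n' "$zone" "$file"
}

# Print the RPZ zone file. Each blocked name becomes a QNAME trigger for
# the name itself and (wildcard) its subdomains. Names are relative to the
# zone origin, so "bad.example" is really bad.example.badlist. in the zone.
# Reads one name per line from stdin, skipping blanks and '#' comments.
rpz_zone_file() {
  zone="$1"; target="$2"
  printf '$TTL 300\n'
  printf '@ IN SOA localhost. hostmaster.%s. 1 3600 600 86400 300\n' "$zone"
  printf '@ IN NS localhost.\n'
  while IFS= read -r name || [ -n "$name" ]; do
    case "$name" in ''|'#'*) continue ;; esac
    printf '%s IN CNAME %s.\n' "$name" "$target"
    printf '*.%s IN CNAME %s.\n' "$name" "$target"
  done
}

# Constructed sample blocklist, one name per line.
BLOCKLIST='# constructed sample blocklist
bad.example
malware.example'

rpz_named_conf badlist walled-garden.example /etc/bind/rpz/badlist.db
printf '%s\n' "$BLOCKLIST" | rpz_zone_file badlist walled-garden.example
```

Because the stanza sets "policy cname", BIND applies that override to every trigger in the zone regardless of the CNAME records the zone file carries; switch the stanza to "policy given" to hand control back to the per-record actions in the zone file. Run the output through named-checkconf and named-checkzone before loading it.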