RPZ help on BIND

Chris Buxton clists at buxtonfamily.us
Sat Dec 28 20:12:21 UTC 2013 

Babu Dheen,

The stanza you quoted will get you the zone. It appears to be correct syntax. If you’re using views, put this inside a view; otherwise, put it at the global level.

It will not create a response policy based on the zone. You have to do that yourself. Examples are in the BIND v9 Administrator Reference Manual, assuming your copy of the ARM is up to date and you’re using a relatively recent version of BIND.

The file ‘dbx.rpz.spamhaus.org' will contain a copy of the response policy zone. Again, configuring named to use this as the basis for a response policy requires extra configuration. I don’t know the purpose of this RPZ, so I can’t give you the exact syntax. Perhaps someone from Spamhaus can help you with that.

I don’t have enough context to answer your question about a whitelist. Perhaps someone else can help you with that.

Regards,
Chris Buxton

On Dec 23, 2013, at 5:11 AM, babu dheen <babudheen at yahoo.co.in> wrote:

> Dear All,
> 
>  My BIND DNS server is authorized to use spamhaus RPZ service and spamhaus official team requested me to paste below configuration line in /etc/named.conf file. Since i am new to RPZ and BIND, kindly help me to enable this feature.
> 
> 
> zone "rpz.spamhaus.org" {
>   type slave;
>   file "dbx.rpz.spamhaus.org";
>    masters { 199.168.90.51; 199.168.90.52; 199.168.90.53; };
>   allow-transfer { none; };
>    allow-query { none; };
> };
> 
> My question is:
> 
> 1. If i paste the above line alone in /etc/named.conf file will work?
> 
> 2. What will be the content of dbx.rpz.spamhaus.org file ?
> 
> 3. How to maintain the local whitelist policy?
> 
> 
> Regards
> Babudheen
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20131228/f992b66a/attachment.html>

More information about the bind-users mailing list