Bind RPZ dnsfirewall howto's version 2 are here
Hans-Cees Speel
hanscees at hanscees.com
Fri Aug 22 20:29:46 UTC 2014
Hi,
I have updated my 2 dnsfirewall howto's.
1. Dns firewall howto (POC setup bind dns firewall [caching dns (sec)
resolver] with demonstration rpz zone)
2. Arming the dns firewall (added automatic daily download of open
bad-domains lists, so you are protected against reported ip-ranges
and domains)
As you on this list probably know, an ip-firewall can protect your users
from scams and downloads in (email) or via links on webpages by blocking
ranges of ip-addresses, domains or dns-servers.
It is essentially a web-filter, but also for ports other than only 80
and 443 (i.e. port 53).
You can find the newest versions of the howto's here:
https://app.younited.com/?shareObject=6e808cfb-1640-d4b6-7d72-6d0bcbeb2e58
Among other things, I have added one line to the bind configuration so the
bind version also resolves dnssec.
I have been using this rpz firewall for a few months now and it seems to
be rock solid.
The version on ISC:
http://www.isc.org/wp-content/uploads/2014/05/dns-firewall-howto.pdf
is now obsolete.
Kind regards, Hans-Cees Speel (hanscees at hanscees.com)
* Owner of bomengids.nl <http://www.bomengids.nl> (follow on Twitter
<http://twitter.com/bomengidsnl>)
* LinkedIn profile Hans-Cees <http://nl.linkedin.com/in/hanscees>