Queries related to RPZ
Philippe Maechler
pmaechler-ml at glattnet.ch
Tue Apr 17 12:13:27 UTC 2018
Hello blason
I'm not an RPZ expert, but we have a running RPZ configuration
From named.conf:
zone "rpz.zone" {
    type master;
    file "/etc/namedb/master/rpz.zone.db";
    allow-query { localhost; };
    allow-transfer { 192.168.3.0/24; };
};
And inside the rpz.zone.db we have:
$TTL 3600
@ IN SOA rpz.zone. rpz.zone. (
    2017100903 ; serial
    3600       ; refresh
    300        ; retry
    86400      ; expire
    60 )       ; minimum
  IN NS localhost.
; Malware domains, NXDOMAIN as a reply
;crayumm.com IN CNAME .
;*.crayumm.com IN CNAME .
; phishing sites
baddomain.com CNAME .
malwaredomain.com CNAME .
uglydomain.com CNAME .
otherbaddomain.com CNAME .
; and so on
This way you don't increase the size of named.conf. You only have one
RPZ zone, with an entry for each "bad" domain inside it.
I recommend enabling logging for the rpz category in named.conf:
logging {
    channel rpz_log {
        file "/var/named/var/log/rpz.log" versions 3 size 20m;
        print-time yes;
        print-category yes;
    };
    // syslog_server is a channel defined elsewhere in named.conf (not shown here)
    category rpz { rpz_log; syslog_server; };
    ..
};
HTH
Philippe
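The one-zone approach above scales only if the zone file is generated rather than hand-edited. The following script is an added example (not from Philippe's post or from ISC): it turns a plain blocklist into an rpz.zone.db in the layout shown, rejecting malformed lines before they reach named, de-duplicating, optionally adding the `*.domain` wildcard, and bumping the serial in the YYYYMMDDNN style the post uses so that the 192.168.3.0/24 secondaries actually transfer the new version. The blocklist contents and the date are constructed sample input; the `hostmaster`-free SOA mirrors the post. Note that the zone only becomes active once named.conf also lists it under `response-policy { zone "rpz.zone"; };`, which the snippet above does not show.

```python
"""Generate one RPZ zone file (the rpz.zone.db layout above) from a plain
blocklist, so thousands of domains become lines in a single zone rather
than stanzas in named.conf.

Added example, not from the original post. Assumptions: the blocklist is
one domain per line with '#' comments, and the serial follows the
YYYYMMDDNN convention used in the post (2017100903)."""
import re
from datetime import date
from typing import List, Optional

# One DNS label: 1-63 chars of [a-z0-9-], no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

# Constructed date for the sample run (the post is dated 17 Apr 2018).
SAMPLE_DATE = date(2018, 4, 17)


def valid_domain(name: str) -> bool:
    """Accept only syntactically valid names with at least two labels.
    A malformed line must not silently become an RPZ trigger (or break
    zone loading), so junk is rejected here instead of in named."""
    name = name.rstrip(".").lower()
    if not name or len(name) > 253 or "." not in name:
        return False
    return all(_LABEL.match(label) for label in name.split("."))


def parse_blocklist(text: str) -> List[str]:
    """Return sorted, de-duplicated, lower-cased domains from the list text."""
    seen = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower().rstrip(".")
        if line and valid_domain(line):
            seen.add(line)
    return sorted(seen)


def next_serial(previous: int, today: Optional[date] = None) -> int:
    """YYYYMMDDNN serial: today's date with counter 00, or previous+1 when
    the zone was already regenerated today (the serial must always grow,
    otherwise the allow-transfer secondaries never pick up the change)."""
    today = today or date.today()
    base = int(today.strftime("%Y%m%d")) * 100
    return base if previous < base else previous + 1


def build_rpz_zone(domains: List[str], serial: int, origin: str = "rpz.zone.",
                   ttl: int = 3600, wildcard: bool = True) -> str:
    """Emit zone text: 'name CNAME .' answers NXDOMAIN (as in the post), and
    with wildcard=True '*.name CNAME .' catches subdomains as well."""
    lines = [
        f"$TTL {ttl}",
        f"@ IN SOA {origin} {origin} (",  # MNAME/RNAME exactly as in the post
        f"    {serial} ; serial",
        "    3600 ; refresh",
        "    300 ; retry",
        "    86400 ; expire",
        "    60 ) ; minimum",
        "  IN NS localhost.",
        "; generated entries, NXDOMAIN as a reply",
    ]
    for name in domains:
        lines.append(f"{name} CNAME .")
        if wildcard:
            lines.append(f"*.{name} CNAME .")
    return "\n".join(lines) + "\n"


# Constructed sample input (not a real feed).
SAMPLE_BLOCKLIST = """\
# constructed blocklist
BadDomain.com
malwaredomain.com.
baddomain.com        # duplicate, different case
not a domain
-uglydomain.com      # invalid leading hyphen
"""

if __name__ == "__main__":
    domains = parse_blocklist(SAMPLE_BLOCKLIST)
    serial = next_serial(2017100903, SAMPLE_DATE)
    print(build_rpz_zone(domains, serial), end="")
```

Write the output to the `file` path from the zone stanza, then run `named-checkzone rpz.zone /etc/namedb/master/rpz.zone.db` before `rndc reload rpz.zone`; a syntax error in a multi-thousand-line RPZ zone otherwise leaves named serving the previous copy (or, on first load, no policy at all) without any change visible to clients.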
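The rpz log channel recommended above is most useful when someone actually reads it: a client that repeatedly resolves blocklisted names is the signal an operator wants out of it. The script below is an added example (not from the post or from ISC) that parses rewrite lines from such a log and counts hits per client and per queried name. The sample lines are constructed to approximate what BIND writes to the rpz category with `print-time` and `print-category` on; the `RPZ_RE` pattern, the threshold value and the client addresses are assumptions to adjust for your own version and network.

```python
"""Triage the rpz.log channel above: count which clients hit which blocked
names, so a host that keeps resolving blocklisted domains stands out.

Added example, not from the original post. The sample lines below are
constructed to approximate BIND's rpz category output with print-time and
print-category enabled; adjust RPZ_RE if your version formats them
differently."""
import re
from collections import Counter
from typing import Dict, Iterable, List

# Core of a BIND rpz rewrite message. The '@0x...' client handle and the
# 'view X:' prefix are optional because not every version prints them.
RPZ_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<client>[0-9a-fA-F.:]+)#\d+ "
    r"\((?P<qname>[^)]*)\): (?:view \S+: )?"
    r"rpz (?P<trigger>\S+) (?P<action>\S+) rewrite (?P<name>\S+) via (?P<via>\S+)"
)
# Leading timestamp produced by 'print-time yes'.
TS_RE = re.compile(r"^\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d+")


def parse_rpz_log(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return one record per rewrite line; lines that are not RPZ
    rewrites (zone loads, other categories) are skipped."""
    records = []
    for line in lines:
        m = RPZ_RE.search(line)
        if not m:
            continue
        rec = m.groupdict()
        ts = TS_RE.match(line)
        rec["time"] = ts.group(0) if ts else ""
        rec["qname"] = rec["qname"].lower().rstrip(".")
        records.append(rec)
    return records


def hits_by_client(records: List[Dict[str, str]]) -> Dict[str, int]:
    """Rewrites per client address."""
    return dict(Counter(r["client"] for r in records))


def hits_by_qname(records: List[Dict[str, str]]) -> Dict[str, int]:
    """Rewrites per queried name (lower-cased, no trailing dot)."""
    return dict(Counter(r["qname"] for r in records))


def noisy_clients(records: List[Dict[str, str]], threshold: int = 3) -> List[str]:
    """Clients with at least `threshold` rewrites. Repeated lookups of
    blocked names from one host is the pattern worth a closer look;
    the threshold is an assumed tuning knob, not a BIND setting."""
    counts = hits_by_client(records)
    return sorted(c for c, n in counts.items() if n >= threshold)


# Constructed sample log (not captured from a real server).
SAMPLE_LOG = """\
17-Apr-2018 12:13:27.101 rpz: client @0x7f1c2c0a8e70 192.168.3.10#51234 (malwaredomain.com): rpz QNAME NXDOMAIN rewrite malwaredomain.com via malwaredomain.com.rpz.zone
17-Apr-2018 12:13:29.408 rpz: client @0x7f1c2c0a8e70 192.168.3.10#51240 (www.malwaredomain.com): rpz QNAME NXDOMAIN rewrite www.malwaredomain.com via www.malwaredomain.com.rpz.zone
17-Apr-2018 12:14:02.017 rpz: client @0x7f1c2c0b1f00 192.168.3.22#40011 (baddomain.com): rpz QNAME NXDOMAIN rewrite baddomain.com via baddomain.com.rpz.zone
17-Apr-2018 12:15:45.550 rpz: client @0x7f1c2c0a8e70 192.168.3.10#51301 (uglydomain.com): rpz QNAME NXDOMAIN rewrite uglydomain.com via uglydomain.com.rpz.zone
17-Apr-2018 12:16:10.002 general: zone rpz.zone/IN: loaded serial 2018041701
"""

if __name__ == "__main__":
    recs = parse_rpz_log(SAMPLE_LOG.splitlines())
    print("per client:", hits_by_client(recs))
    print("per qname: ", hits_by_qname(recs))
    print("noisy:     ", noisy_clients(recs))
```

Feed it the rotated files as well (`versions 3` in the channel keeps three of them), since a host that beacons slowly only becomes obvious across a longer window than one 20m log.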
-----Original Message-----
From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of
blason16
Sent: Tuesday, April 17, 2018 11:49 AM
To: bind-users at lists.isc.org
Subject: Re: Queries related to RPZ
OK - I resolved the issue. Now the query I had was: how to use tens or
thousands of zones with DNS RPZ? Will it not increase the named.conf file
size? Can someone please suggest another way?
--
Sent from: http://bind-users-forum.2342410.n4.nabble.com/