How to implement DNS RPZ with Domain Based Reputation Data
Mukund Sivaraman
muks at isc.org
Sun Apr 29 03:08:24 UTC 2018
On Sun, Apr 29, 2018 at 08:27:34AM +0530, Blason R wrote:
> Hi Team,
> Can someone please confirm if below stuff I found pertaining to BIND can be
> implemented with DNS RPZ? If yes can someone please point me to the
> appropriate document?
> Domain Based Reputational Data
>
> With the release of BIND 9.8.1 a *new* reputational mechanism is available,
> this time for use by DNS resolvers. An organisation is able to receive a
> reputational data feed describing internet domains that have a 'poor'
> reputation. A poor reputation is usually based on the delivery of malware,
> or other forms of nefarious internet activity.
>
> The ISC have provided an efficient standardised mechanism for the use of
> reputational data by recursive DNS resolvers and have left the provision of
> the reputational data itself to professional organisations that specialize
> in this type of information. Additionally, the response that shall be given
> to a client attempting to resolve a domain which is listed amongst those
> with a 'poor' reputation is left to the local organisation to decide.
This is basically RPZ. "reputational data feed" is basically a response
policy zone. There are feed providers such as Spamhaus, Farsight
Security, etc. E.g., see this:
https://www.spamhaus.org/news/article/669
Mukund
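
The point made in the reply above, that a reputational data feed is a response policy zone, shown as an added example that is not part of the original post or of BIND: a Python sketch that renders a list of domains into RPZ zone-file text, with the locally chosen response encoded as the CNAME target. The zone name `rpz.local`, the serial, the walled-garden host and the sample domains are constructed assumptions.

```python
import re

# CNAME targets that encode RPZ policy actions (the resolver's answer).
ACTIONS = {
    "nxdomain": ".",              # answer NXDOMAIN
    "nodata": "*.",               # answer NODATA
    "passthru": "rpz-passthru.",  # exempt the name from policy
    "drop": "rpz-drop.",          # send no answer at all
}
LABEL = re.compile(r"[a-z0-9_-]{1,63}")

def normalize(domain):
    """Lower-case, strip the root dot, reject anything that is not a hostname."""
    d = domain.strip().lower().rstrip(".")
    if not d or len(d) > 253 or not all(LABEL.fullmatch(l) for l in d.split(".")):
        raise ValueError(f"invalid domain in feed: {domain!r}")
    return d

def build_rpz(zone, serial, entries, walled_garden=None):
    """Render (domain, action) pairs as RPZ zone-file text.

    action is a key of ACTIONS, or "garden" to redirect to walled_garden.
    """
    lines = [
        f"$ORIGIN {zone}.",
        "$TTL 300",
        f"@ IN SOA localhost. hostmaster.localhost. {serial} 3600 600 86400 300",
        "@ IN NS localhost.",
    ]
    seen = set()
    for domain, action in entries:
        d = normalize(domain)
        if d in seen:          # feeds often repeat names; keep the first action
            continue
        seen.add(d)
        if action == "garden":
            if not walled_garden:
                raise ValueError("garden action needs walled_garden")
            target = normalize(walled_garden) + "."
        else:
            target = ACTIONS[action]
        # Owner names are relative to $ORIGIN, so they carry no trailing dot.
        lines.append(f"{d} IN CNAME {target}")
        lines.append(f"*.{d} IN CNAME {target}")  # cover subdomains too
    return "\n".join(lines) + "\n"

# Constructed sample feed; names, zone and serial are illustrative.
SAMPLE = [("Malware.Example.", "nxdomain"), ("malware.example", "drop"),
          ("phish.example", "garden"), ("partner.example", "passthru")]
ZONE_TEXT = build_rpz("rpz.local", 2018042901, SAMPLE, "blocked.corp.example")
```

The generated text is loaded as an ordinary zone named `rpz.local` in named.conf and activated with `response-policy { zone "rpz.local"; };` in the `options` block. A feed from a provider is configured the same way, except that the zone is transferred from the provider instead of being written locally.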