Block some users with Bind9
Emiliano Vazquez
emilianovazquez at gmail.com
Fri Jul 27 02:28:51 UTC 2012
On 24/07/12 22:38, Michael Hoskins (michoski) wrote:
> I would try using RPZ with a combination of views and match-clients.
>
> http://jpmens.net/2011/04/26/how-to-configure-your-bind-resolvers-to-lie-using-response-policy-zones-rpz/
>
Hi Michael.
I was reading about RPZ zones but I understand what I need to do.
I followed the instructions but I did not get the result explained in the link.
For example:
I created rpz.db:
##########################################################
$TTL 60
@            IN    SOA  localhost. root.localhost.  (
                          2   ; serial
                          3H  ; refresh
                          1H  ; retry
                          1W  ; expiry
                          1H) ; minimum
             IN    NS   localhost.
www.yahoo.com        CNAME   .
weather.yahoo.com    CNAME   *.
stocks.yahoo.com     CNAME   www.google.com.
ad.yahoo.com         A       127.0.0.1
##########################################################
Then I created the rpz zone in named.conf:
##########################################################
zone "rpz" {
    type master;
    file "rpz.db";
    allow-query { none; };
    allow-transfer { ... ; };
};
##########################################################
The next step is to add the response-policy in named.conf.options:
##########################################################
response-policy { zone "rpz"; };
##########################################################
Restarted bind9 with success! (after several errors).
Then I tried from one client to get this working and nothing happens.
I did not find any way to see the resolution on the server to see what
is wrong (like asterisk, squid, shorewall).
I'm reading about BIND but it is a lot of information and it is all too
technical for me. I get lost any time I read about this!
Best regards.
--
Emiliano Vazquez | PcCentro Informatica & CCTV
Office: +54 (11) 4951-0203 Interno 4
Movil: 011-15-6253-7165
Mail: emilianovazquez at gmail.com
Web: http://www.pccentro.com.ar
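
To compare what a client actually receives with what the policy asks for, the following added example (not part of the original message and not BIND code) parses the QNAME-trigger records of the rpz.db posted above and reports the RPZ action each one encodes. The function names and the `origin="rpz."` default are assumptions taken from the zone name in the post; other RPZ trigger types are not handled.

```python
# Constructed input: the four policy records from the rpz.db quoted above.
RPZ_RECORDS = """\
www.yahoo.com      CNAME  .
weather.yahoo.com  CNAME  *.
stocks.yahoo.com   CNAME  www.google.com.
ad.yahoo.com       A      127.0.0.1
"""

def rpz_action(rtype, rdata):
    """Map one policy record to the answer a client should receive."""
    if rtype == "CNAME" and rdata == ".":
        return "NXDOMAIN"
    if rtype == "CNAME" and rdata == "*.":
        return "NODATA"
    if rtype == "CNAME":
        return "CNAME " + rdata      # answer rewritten to another name
    return f"{rtype} {rdata}"        # local data, e.g. an A record

def parse_rpz(text, origin="rpz."):
    """Return ({trigger qname: action}, [owners outside the policy zone])."""
    policy, ignored = {}, []
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()
        # Drop an optional TTL and class between owner and record type.
        while len(fields) > 1 and (fields[1].isdigit() or fields[1].upper() == "IN"):
            del fields[1]
        if len(fields) < 3 or fields[1].upper() in ("SOA", "NS"):
            continue
        owner, rtype, rdata = fields[0], fields[1].upper(), " ".join(fields[2:])
        if owner.endswith("."):
            # Absolute owner: only a trigger if it sits under the policy zone.
            if not owner.endswith("." + origin):
                ignored.append(owner)
                continue
            trigger = owner[: -len(origin)]
        else:
            # Relative owner: stored as owner.<origin>, matches queries for owner.
            trigger = owner + "."
        policy[trigger.lower()] = rpz_action(rtype, rdata)
    return policy, ignored

def expected_answer(policy, qname):
    """What a client covered by the policy should get for qname."""
    return policy.get(qname.lower().rstrip(".") + ".", "no policy match: normal resolution")

if __name__ == "__main__":
    policy, ignored = parse_rpz(RPZ_RECORDS)
    for name, action in policy.items():
        print(f"{name:<22} -> {action}")
    print("outside the policy zone:", ignored)
```

Running a lookup for each listed name from the client against the resolver and comparing the reply with this table shows whether the policy is being applied to that client at all.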