How to implement DNS RPZ with Domain Based Reputation Data

Blason R blason16 at gmail.com
Sun Apr 29 03:14:20 UTC 2018


Oh, I see. I thought this was a kind of feature of BIND.

I got it now.

On Sun, Apr 29, 2018 at 8:38 AM, Mukund Sivaraman <muks at isc.org> wrote:

> On Sun, Apr 29, 2018 at 08:27:34AM +0530, Blason R wrote:
> > Hi Team,
> > Can someone please confirm if below stuff I found pertaining to BIND can be
> > implemented with DNS RPZ? If yes can someone please point me to the
> > appropriate document?
> > Domain Based Reputational Data
> >
> > With the release of BIND 9.8.1 a *new* reputational mechanism is available,
> > this time for use by DNS resolvers. An organisation is able to receive a
> > reputational data feed describing internet domains that have a 'poor'
> > reputation. A poor reputation is usually based on the delivery of malware,
> > or other forms of nefarious internet activity.
> >
> > The ISC have provided an efficient standardised mechanism for the use of
> > reputational data by recursive DNS resolvers and have left the provision of
> > the reputational data itself to professional organisations that specialize
> > in this type of information. Additionally, the response that shall be given
> > to a client attempting to resolve a domain which is listed amongst those
> > with a 'poor' reputation is left to the local organisation to decide.
>
> This is basically RPZ. "reputational data feed" is basically a response
> policy zone. There are feed providers such as Spamhaus, Farsight
> Security, etc. E.g., see this:
>
> https://www.spamhaus.org/news/article/669
>
>                 Mukund
>
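
An added example, not part of the original thread and not ISC code: a small Python model of how records in a response policy zone encode the locally chosen response for a listed domain. The zone name `rpz.example.`, the `.test` domains and the address are constructed sample data, and the exact-then-closest-wildcard lookup is a simplification of BIND's precedence rules that covers QNAME triggers only.

```python
# Added example: minimal model of RPZ QNAME-trigger evaluation (not BIND code).
# The zone origin and every listed domain below are constructed sample data.
ORIGIN = "rpz.example."

# Records as a feed or local policy zone would carry them: (owner, type, rdata).
RECORDS = [
    ("malware.test.rpz.example.",   "CNAME", "."),              # NXDOMAIN
    ("*.malware.test.rpz.example.", "CNAME", "."),              # NXDOMAIN for subdomains
    ("tracker.test.rpz.example.",   "CNAME", "*."),             # NODATA
    ("partner.test.rpz.example.",   "CNAME", "rpz-passthru."),  # exempt from rewriting
    ("phish.test.rpz.example.",     "A",     "192.0.2.10"),     # local data (walled garden)
]

# CNAME targets that RPZ reserves to express a policy action.
SPECIAL = {".": "NXDOMAIN", "*.": "NODATA",
           "rpz-passthru.": "PASSTHRU", "rpz-drop.": "DROP"}

def load_policy(records, origin):
    """Map each trigger name (owner minus the zone origin) to an action."""
    policy = {}
    suffix = "." + origin.lower()
    for owner, rtype, rdata in records:
        owner = owner.lower()
        if not owner.endswith(suffix):
            continue  # record is outside the policy zone
        trigger = owner[: -len(suffix)]  # e.g. "malware.test", "*.malware.test"
        if rtype == "CNAME" and rdata in SPECIAL:
            policy[trigger] = (SPECIAL[rdata], None)
        else:
            policy[trigger] = ("LOCAL-DATA", (rtype, rdata))
    return policy

def evaluate(policy, qname):
    """Return the action for a query name, or NO-MATCH to resolve normally."""
    name = qname.lower().rstrip(".")
    if name in policy:                      # exact trigger
        return policy[name]
    labels = name.split(".")
    for i in range(1, len(labels)):         # closest enclosing wildcard first
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in policy:
            return policy[wildcard]
    return ("NO-MATCH", None)
```

Note that `tracker.test` has no wildcard record, so `www.tracker.test` is not rewritten; a feed has to list `*.name` as well when subdomains should be covered.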

