Question about BIND and RPZ

Vadim Pavlov pvm_job at mail.ru
Sat Aug 4 17:19:36 UTC 2018


Sorry for the confusion. I thought that you had access to the RPZ feeds. You cannot trigger an RPZ rule by the recursion bit.
You should contact your DNS provider and ask them to provide, instead of NXDOMAIN, a different response which can be used to trigger RPZ on your BIND (e.g. an unused IP), or even better just send you a redirect to the WG page.

Vadim
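The configuration below is an added example, not part of this thread nor ISC's own documentation. It shows the shape of the setup Vadim describes: the upstream filtering resolver is assumed to answer blocked names with a sentinel address instead of NXDOMAIN, and a local RPZ zone uses a response IP trigger on that sentinel to rewrite the answer to a walled-garden host. The forwarder address 192.0.2.53, the sentinel 198.51.100.1 (TEST-NET-2), the zone name rpz.local and the host walledgarden.example.net are all assumptions.

```conf
// ---- named.conf fragment (added example; addresses and names are assumptions)
options {
    directory "/var/cache/bind";
    recursion yes;

    // Upstream filtering resolver. It is assumed to return 198.51.100.1 for
    // blocked names; a plain NXDOMAIN carries no answer IP and can never
    // match an rpz-ip trigger, which is why the provider has to change
    // what it sends back.
    forwarders { 192.0.2.53; };
    forward only;

    // Zone-level "policy cname" overrides whatever action each record in
    // the RPZ zone would otherwise select, so every hit is rewritten to the
    // same walled-garden name. The keyword "policy" is required here.
    response-policy {
        zone "rpz.local" policy cname walledgarden.example.net;
    };
};

// The policy zone itself, served only to named on this host.
zone "rpz.local" {
    type master;
    file "/etc/bind/db.rpz.local";
    allow-query { localhost; };
};

// ---- /etc/bind/db.rpz.local (added example)
$TTL 300
@   IN SOA  localhost. hostmaster.localhost. ( 2018080401 3600 900 2419200 300 )
    IN NS   localhost.

; Response IP trigger, encoded as <prefix-length>.<IPv4 octets reversed>.rpz-ip.
; 32.1.100.51.198.rpz-ip matches any answer containing 198.51.100.1/32, the
; sentinel address the upstream resolver is assumed to return for blocked names.
32.1.100.51.198.rpz-ip   IN CNAME walledgarden.example.net.

; QNAME triggers for names you block locally; the zone-level policy above
; rewrites these to the same walled-garden host regardless of the record data.
malware.example          IN CNAME walledgarden.example.net.
*.malware.example        IN CNAME walledgarden.example.net.
```

After `rndc reload`, `dig @127.0.0.1 +short` for a name the provider blocks should return the CNAME to walledgarden.example.net rather than the sentinel address. Two things to check in such a setup: the walled-garden host must itself resolve to an address other than the sentinel, otherwise the rewritten answer would match the same rpz-ip trigger again, and the sentinel must be an address the provider never returns for legitimate names, or those would be redirected too.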
> On 04 Aug 2018, at 09:42, Felipe Arturo Polanco <felipeapolanco at gmail.com> wrote:
> 
> Hi Vadim,
> 
> Thanks for the response, 
> 
> How will that zone policy differentiate between responses with the 'recursion available' bit set and unset? 
> 
> I do not have the list of malware sites, the DNS provider does not share it. 
> 
> Also I'm no expert with BIND so pardon any outside question. 
> 
> 
> On Sat, Aug 4, 2018, 12:27 PM Vadim Pavlov <pvm_job at mail.ru <mailto:pvm_job at mail.ru>> wrote:
> Hi Felipe,
> 
> You do need to do that. You may configure redirect action on a zone level. Just add "policy cname domain"
> 
>   [ response-policy {
>         zone zone_name
>       [ policy ( given | disabled | passthru | drop |
>                  tcp-only | nxdomain | nodata | cname domain ) ]
>       [ recursive-only yes_or_no ]
>       [ max-policy-ttl number ] ;
>          ...
>     }
> 
> E.g. 
> response-policy { zone "badlist" policy cname www.wgarden.com; };
> 
> BR,
> Vadim
>> On 04 Aug 2018, at 06:52, Felipe Arturo Polanco <felipeapolanco at gmail.com> wrote:
>> 
>> Hi,
>> 
>> I have a question regarding BIND and its RPZ functionality.
>> 
>> We are using a DNS provider that blocks malware by returning an NXDOMAIN response back whenever a match is found.
>> 
>> The way they differentiate between real non-existent websites vs malware sites is by turning off the 'recursion available' bit in the NXDOMAIN response, non-existent sites do have this bit turned on.
>> 
>> Is there a way to match this flag in an RPZ policy to redirect malware sites' responses to a walled garden website while not matching real non-existent websites?
>> 
>> Thanks,
>> _______________________________________________
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
> 
