[RPZ] Need detail of RPZ
vjs at rhyolite.com
Wed Oct 26 16:25:49 UTC 2011
> From: babu dheen <babudheen at yahoo.co.in>
> To: dnsrpz-interest at lists.isc.org
> Please help me to implement RPZ in BIND .. If you have any document,
> will be happy.
I recommend downloading BIND 9.8.1 from https://www.isc.org/software/bind
or https://www.isc.org/software/bind/981 and consulting the RPZ
configuration instructions in chapter 6 of the
"Administrator Reference Manual."
Version 9.8.1 has changes and improvements in both the code and ARM
After the tarball has been downloaded and unpacked, chapter 6 is
in bind-9.8.1/doc/arm/Bv9ARM.pdf and bind-9.8.1/doc/arm/Bv9ARM.ch06.html
Search for the string "response-policy" on page 55 and starting in
section 184.108.40.206 on page 83.
To use RPZ, one needs policy zone data. That can be generated
locally, but it is often good to also (or instead) use data from
other organizations. Barry Greene's mentioned these RPZ data
providers in his recent webinar:
- Spamhaus' DBL as RPZ
- ActiveTrust Resolver RPZ
- DNS RPZ & SURBL
Soon the ISC Knoweledge Base will contain articles about RPZ.
Vernon Schryver vjs at rhyolite.com
More information about the DNSfirewalls