[RPZ] Need detail of RPZ

Vernon Schryver vjs at rhyolite.com
Wed Oct 26 16:25:49 UTC 2011

> From: babu dheen <babudheen at yahoo.co.in>
> To: dnsrpz-interest at lists.isc.org

> Please help me to implement RPZ in BIND .. If you have any document,
> will be happy.

I recommend downloading BIND 9.8.1 from https://www.isc.org/software/bind
or https://www.isc.org/software/bind/981 and consulting the RPZ
configuration instructions in chapter 6 of the
"Administrator Reference Manual."
Version 9.8.1 has changes and improvements in both the code and ARM

After the tarball has been downloaded and unpacked, chapter 6 is
in bind-9.8.1/doc/arm/Bv9ARM.pdf and bind-9.8.1/doc/arm/Bv9ARM.ch06.html
Search for the string "response-policy" on page 55 and starting in 
section on page 83.

To use RPZ, one needs policy zone data.  That can be generated
locally, but it is often good to also (or instead) use data from
other organizations.  Barry Greene's mentioned these RPZ data
providers in his recent webinar:

 - Spamhaus' DBL as RPZ
 - ActiveTrust Resolver RPZ

Soon the ISC Knoweledge Base will contain articles about RPZ.
See https://deepthought.isc.org/

Vernon Schryver    vjs at rhyolite.com

More information about the DNSfirewalls mailing list