[RPZ] Need detail of RPZ
Vernon Schryver
vjs at rhyolite.com
Wed Oct 26 16:25:49 UTC 2011
> From: babu dheen <babudheen at yahoo.co.in>
> To: dnsrpz-interest at lists.isc.org
> Please help me to implement RPZ in BIND .. If you have any document,
> will be happy.
I recommend downloading BIND 9.8.1 from https://www.isc.org/software/bind
or https://www.isc.org/software/bind/981 and consulting the RPZ
configuration instructions in chapter 6 of the
"Administrator Reference Manual."
Version 9.8.1 has changes and improvements in both the code and ARM
documentation.
After the tarball has been downloaded and unpacked, chapter 6 is
in bind-9.8.1/doc/arm/Bv9ARM.pdf and bind-9.8.1/doc/arm/Bv9ARM.ch06.html
Search for the string "response-policy" on page 55 and starting in
section 6.2.16.20 on page 83.
To use RPZ, one needs policy zone data. That can be generated
locally, but it is often good to also (or instead) use data from
other organizations. Barry Greene's mentioned these RPZ data
providers in his recent webinar:
- Spamhaus' DBL as RPZ
http://www.spamhaus.org/news.lasso?article=669
- ActiveTrust Resolver RPZ
http://internetidentity.com
- DNS RPZ & SURBL
http://www.surbl.org
Soon the ISC Knoweledge Base will contain articles about RPZ.
See https://deepthought.isc.org/
Vernon Schryver vjs at rhyolite.com
More information about the DNSfirewalls
mailing list