[RPZ] How to map NXDOMAIN with some dummy domain in RPZ

Vernon Schryver vjs at rhyolite.com
Tue Jul 3 13:34:56 UTC 2012


> From: Gaurav Kansal <gaurav.kansal at live.in>

> I configure the RPZ domain in my BIND Server.
> 
> I get feed from one of the security firm. In that feed, i get the zone file something like this:
> 
> $ORIGIN ae.rpz.xyz.net.
> proxymedia              CNAME   .
> $ORIGIN proxymedia.ae.rpz.xyz.net.
> *                       CNAME   .
> 
> Now what i want to re-direct those malicious domain to one of my
> honey-pot server. But for that, i need to have a CNAME other than '.'
> 
> What should i do?
> 
> Is there any feature in RPZ to rewrite '.' to some other dummy domain?

The "Response Policy Zone (RPZ) Rewriting" section Chapter 6, "BIND 9
Configuration Reference" of the ARM, the Administrator's Reference Manual,
says in part:

] The policies specified in individual records in an RPZ can be
] overridden with a policy clause in the response-policy option. An
] organization using an RPZ provided by another organization might
] use this mechanism to redirect domains to its own walled garden.
] ...
 
] 	CNAME domain causes all RPZ policy records to act as if
] 	they were "cname domain" records.


Vernon Schryver    vjs at rhyolite.com



More information about the DNSfirewalls mailing list