[RPZ] "DNS Firewalls In Action - RPZ vs. Spam" (circleid)

April Lorenzen data at serverauthority.net
Sat Jan 5 04:20:03 UTC 2013


On 1/4/13 1:54 PM, Paul Vixie wrote:
> 
> 
> April Lorenzen wrote:
>> ...
>> 
>> I also have a commercial RPZ offering and can add domains that are received as queries to IsNu.us - to the rpzone if the 
>> query resulted from malicious activity.
> 
> how would you know which queries resulted from malicious activity?
> 
>> ...
>> 
>> Since this is not a discussion list about anything other than RPZ and IsNu.us is not an RPZone, feel free to discuss it 
>> further with me privately. Although it is in production use, there are considerations and caveats.
> 
> does your commercial RPZ have a web page? i'd like to list it in my examples when i talk about RPZ.

The same web page as all my DNS query services for domain reputation data points:

https://service.dissectcyber.com

The S for httpS isn't required but will be forced anyway. That site is accessible to the public, though to go further than seeing a
screenshot of the dashboard requires some level of identification or spoofing of identification. I don't say a whole lot about
RPZone.us in the description of it because I'm still shy of miscreants. Plus it seems that users don't know or want to know about
the role of authoritative name servers in my determination of domain reputation anyway.

I don't think you'll approve of my implementation at all - yet it has been found useful for production users.

I would have liked to respond to your question of whether more zones cause rpz-enabled bind to slow down more but I eventually
realized I don't have the kind of query volume that would show any change in performance.

Thank you,

- April Lorenzen
https://service.dissectcyber.com

> paul
> 
