[RPZ] Which 'options' section does the RPZ config go in?
ixloran at sent.at
Fri Mar 29 18:56:48 UTC 2013
Hi,
I'm getting started working on RPZ with BIND9.
I got the server patched & built ok.
And I got my config worked out to be

    response-policy {
        zone "rpz.whitelist.local" policy PASSTHRU;
        zone "rpz.local";
        zone "rpz.spamhaus.org";
        zone "drop.rpz.spamhaus.org";
    };

    zone "rpz.whitelist.local" IN {
        type master;
        file "/dns/master/rpz.whitelist.local.zone";
    };

    zone "rpz.local" IN {
        type master;
        file "/dns/master/rpz.local.zone";
        allow-transfer { none; };
    };

    zone "rpz.spamhaus.org" IN {
        type slave;
        file "/dns/slave/rpz.spamhaus.org.zone";
        masters { spamhaus; };
        allow-transfer { spamhaus; };
        request-ixfr yes;
        ixfr-from-differences yes;
        notify no;
    };

    zone "drop.rpz.spamhaus.org" IN {
        type slave;
        file "/dns/slave/drop.rpz.spamhaus.org.zone";
        masters { spamhaus; };
        allow-transfer { spamhaus; };
        request-ixfr yes;
        ixfr-from-differences yes;
        notify no;
    };

I run bind in split-view. Recursion is OFF by default, and for
'external' view. It's ON for 'internal' view.
I've read what I can find about RPZ but haven't wrapped my head around
what's exactly happening completely yet, and I'm confused WHERE exactly
that ^^^ config goes: in GLOBAL options? in BOTH views' options? or
just one or the other?
Where does that config go?
- Izzy