[RPZ] Which 'options' section does the RPZ config go in?

ixloran at sent.at ixloran at sent.at
Fri Mar 29 18:56:48 UTC 2013


Hi,

I'm getting started working on RPZ with BIND9.

I got the server patched & built ok.

And I got my config worked out to be

	response-policy {
		zone "rpz.whitelist.local" policy PASSTHRU;
		zone "rpz.local";
		zone "rpz.spamhaus.org";
		zone "drop.rpz.spamhaus.org";
	};
	zone "rpz.whitelist.local" IN {
		type master; file "/dns/master/rpz.whitelist.local.zone";
	};
	zone "rpz.local" IN {
		type master; file "/dns/master/rpz.local.zone";
		allow-transfer { none; };
	};
	zone "rpz.spamhaus.org" IN {
		type slave; file "/dns/slave/rpz.spamhaus.org.zone";
		masters { spamhaus; }; allow-transfer { spamhaus; };
		request-ixfr yes; ixfr-from-differences yes;
		notify no;
	};
	zone "drop.rpz.spamhaus.org" IN {
		type slave; file "/dns/slave/drop.rpz.spamhaus.org.zone";
		masters { spamhaus; }; allow-transfer { spamhaus; };
		request-ixfr yes; ixfr-from-differences yes;
		notify no;
	};

I run bind in split-view.  Recursion is OFF by default, and for
'external' view.  It's ON for 'internal' view.

I've read what I can find about RPZ but haven't wrapped my head around
what's exactly happening completely yet, and I'm confused WHERE exactly
that ^^^ config goes:  in GLOBAL options? in BOTH views' options? or
just one or the other?

Where does that config go?

- Izzy
