[DNSfirewalls] rpz firewall + whitelisting

Lee ler762 at gmail.com
Mon Aug 26 19:46:12 UTC 2019

On 8/26/19, m3047 <m3047 at m3047.net> wrote:
> I've always felt best practice was (listed in order of precedence /
> declaration):
> 1) A local whitelist.
> 2) Any third party zones.
> 3) A local blacklist.

Seems like that would work only if you had a script to regenerate your
local lists after a third party zone updates.

I haven't tried this, but let's pretend that
  your local blacklist has *.2o7.net
  a third party blacklist zone adds  bcbsks.com.102.112.2o7.net
I'm guessing that your blacklist doesn't actually blacklist
112.2o7.net & everything below it now.

& just out of curiosity - how do you troubleshoot something like that?
 .. besides eyeballing the rpz zones.


More information about the DNSfirewalls mailing list