[DNSfirewalls] rpz firewall + whitelisting
Lee
ler762 at gmail.com
Mon Aug 26 19:46:12 UTC 2019
On 8/26/19, m3047 <m3047 at m3047.net> wrote:
> I've always felt best practice was (listed in order of precedence /
> declaration):
>
> 1) A local whitelist.
>
> 2) Any third party zones.
>
> 3) A local blacklist.

Seems like that would work only if you had a script to regenerate your
local lists after a third party zone updates.

I haven't tried this, but let's pretend that
  your local blacklist has *.2o7.net
  a third party blacklist zone adds bcbsks.com.102.112.2o7.net
I'm guessing that your blacklist doesn't actually blacklist
112.2o7.net & everything below it now.

& just out of curiosity - how do you troubleshoot something like that?
.. besides eyeballing the rpz zones.

Thanks
Lee
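
One way to trace the scenario above without eyeballing the zones, as an added example that is not part of the original post: it walks policy zones in declared order and reports the first QNAME trigger that matches, plus any wildcard that looks applicable but does not match. It assumes each zone is searched separately under standard DNS wildcard rules (RFC 4592); the zone names, zone contents and function names are constructed for illustration.

```python
# Added example: zone names and contents are constructed. Owners are RPZ QNAME
# triggers written relative to the policy zone origin.
# Assumption: each zone is searched on its own under RFC 4592 wildcard rules.

def labels(name):
    return tuple(name.lower().rstrip(".").split("."))

def dotted(t):
    return ".".join(t)

def match_in_zone(owners, qname):
    """Return (matching owner or None, wildcards that look applicable but are not)."""
    owned = {labels(o) for o in owners}
    # Every suffix of an owner exists as a node, including empty non-terminals.
    nodes = {o[i:] for o in owned for i in range(len(o))} | {()}
    q = labels(qname)
    parents = [q[i:] for i in range(1, len(q) + 1)]
    by_eye = [("*",) + p for p in parents if ("*",) + p in owned]
    if q in owned:
        hit = q                                      # exact trigger
    elif q in nodes:
        hit = None                                   # empty non-terminal: no synthesis
    else:
        ce = next(p for p in parents if p in nodes)  # closest encloser
        hit = ("*",) + ce if ("*",) + ce in owned else None
    shadowed = [dotted(w) for w in by_eye if w != hit]
    return (dotted(hit) if hit else None), shadowed

def trace(zones, qname):
    """Walk zones in declared order; the first zone with a match wins."""
    winner, report = None, []
    for zone, owners in zones:
        hit, shadowed = match_in_zone(owners, qname)
        report.append((zone, hit, shadowed))
        if hit and winner is None:
            winner = (zone, hit)
    return winner, report

SEPARATE = [("local-whitelist", ["example.com"]),
            ("third-party", ["bcbsks.com.102.112.2o7.net"]),
            ("local-blacklist", ["*.2o7.net"])]
MERGED = [("merged", ["*.2o7.net", "bcbsks.com.102.112.2o7.net"])]

if __name__ == "__main__":
    for zones in (SEPARATE, MERGED):
        winner, report = trace(zones, "foo.112.2o7.net")
        print(winner)
        for row in report:
            print("  ", row)
```

Under that assumption the wildcard is only blocked when both records sit in the same zone, so the output is worth comparing against what the resolver actually returns for the same name.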