Questions tagged [rpz]

Response Policy Zones (RPZ) are a DNS firewall mechanism: a recursive resolver (BIND, among others) loads policy rules expressed as records in an ordinary DNS zone file and uses them to block, rewrite or pass through responses before they reach the client. Rules are keyed on triggers (the queried name, an address in the answer, the authoritative name server's name or address, or the client's address) and map to actions such as NXDOMAIN, NODATA, PASSTHRU, DROP or substituted local data.
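As an added illustration of the mechanism described above (not taken from any question on this page, and not BIND's own documentation): a minimal BIND 9 response-policy configuration with one policy zone that exercises each trigger type and the common actions. The zone name, file paths, view-less layout and all addresses are assumptions for the example; 192.0.2.0/24 and 203.0.113.0/24 are documentation ranges.

```bind
// --- /etc/bind/named.conf (relevant fragment; path is assumed) ---
options {
    recursion yes;

    // Every answer this server produces is checked against the policy zone.
    // "policy given" means: apply whatever action each record in the zone encodes.
    // qname-wait-recurse no (BIND 9.10 and later) answers QNAME hits from the
    // policy before recursing, so a blocked name is never sent upstream. With
    // the default (yes) BIND resolves the name first and only then rewrites it.
    // IP, NSIP and NSDNAME triggers still require the recursion to happen,
    // because they match on what the upstream answer contains.
    response-policy {
        zone "rpz.example.local" policy given;
    } qname-wait-recurse no;
};

// The policy zone is an ordinary authoritative zone. Refusing direct queries
// and transfers keeps clients from enumerating the policy or spotting the
// *.rpz.example.local CNAME targets that would reveal RPZ is in use.
zone "rpz.example.local" {
    type master;
    file "/etc/bind/db.rpz.example.local";
    allow-query { none; };
    allow-transfer { none; };
};

; --- /etc/bind/db.rpz.example.local (policy zone; path is assumed) ---
$TTL 300
@   IN SOA  localhost. hostmaster.example.local. ( 2024010101 3600 900 604800 300 )
@   IN NS   localhost.

; QNAME triggers: owner name = the name being looked up, relative to the apex.
badhost.example          CNAME .              ; action NXDOMAIN
*.badhost.example        CNAME .              ; ...and every name beneath it
tracker.example          CNAME *.             ; action NODATA (name exists, empty answer)
phish.example            A     192.0.2.10     ; Local Data: hand the client a walled-garden host
*.phish.example          A     192.0.2.10
allowed.example          CNAME rpz-passthru.  ; PASSTHRU: exempt this name from all other rules
noisy.example            CNAME rpz-drop.      ; DROP: discard the query, send nothing

; IP trigger: matches when the *answer* carries an address in 203.0.113.0/24.
; Owner = prefixlen.<octets of the network address, reversed>.rpz-ip
24.0.113.0.203.rpz-ip    CNAME .

; NSDNAME / NSIP triggers: match on the name servers authoritative for the answer.
ns1.evil.example.rpz-nsdname   CNAME .        ; any zone served by ns1.evil.example
32.9.2.0.192.rpz-nsip          CNAME .        ; any zone served from 192.0.2.9/32

; CLIENT-IP trigger: keyed on the querying client, here 10.2.0.0/24 bypasses the policy.
24.0.0.2.10.rpz-client-ip      CNAME rpz-passthru.
```

Validate with `named-checkzone rpz.example.local /etc/bind/db.rpz.example.local` and `named-checkconf`, reload, then confirm with `dig @127.0.0.1 badhost.example` (expect NXDOMAIN) and `dig @127.0.0.1 tracker.example` (expect NOERROR with an empty answer section); each rewrite is recorded in named's `rpz` log category. Two caveats worth knowing before relying on this: the policy is keyed on names and addresses, not on query type, so a rule applies to A and AAAA lookups of the same name alike; and a Local Data redirect to a walled garden is transparent only for plain HTTP, since an HTTPS client will reject the garden's certificate for the original hostname.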

23 questions
7 votes, 1 answer

BIND, RPZ and Forwarding priorities

My objective is to block certain domains in bind WITHOUT first looking up their address (this is a small caching bind dns server). Currently my configuration will forward the request for badhost.com and get the IP address (I can see this in…
Jon T (73)
7 votes, 1 answer

Set up BIND9 as DNS Firewall

With OpenDNS now needing one to be on the pro package to have filtering turned on, being on a tight budget, we are in need of free DNS filtering. After reading this link on how to block domains with bind, I collected SquidGuard blacklists and…
4 votes, 1 answer

Alternative ways to get past 32 rpz zone limit in BIND? ...without running BIND a thousand times

Using BIND RPZs gives me exactly what I'm looking for to alter queries. However, my recursive DNS server is in use by hundreds of clients and I am looking for a way to allow each client some level of customization. There's possibly a couple hundred…
user74078
3 votes, 1 answer

RPZ CNAME leaks usage of RPZ

For history reasons we have both internal (192.168.0.0/16) and public IPs on hosts on one domain (example.com). I now want to split this up so that internal hostnames are not resolved for external users. My current plan is to use bind with RPZ. my…
3 votes, 0 answers

How to block AAAA answers for certain domains using RPZ?

Is it possible to block AAAA answers being sent back to clients from a local DNS server, but only for certain forward DNS domains? I know I can do the filtering based on IPv6 subnet (working sample below), but I would like to filter out based on…
vobelic (343)
2 votes, 2 answers

'query_getzonedb()failed: Zone Not Loaded' error in DNS logs

While investigating an incident, I noticed an error in my syslog that looks like this (anonymized): Feb 3 21:59:59 ns1 named[18824]: client xxx.xxx.xxx.xxx#2091 (us-east1-aws.api.snapchat.com): view MyView: rpz QNAME rewrite…
Watki02 (637)
2 votes, 0 answers

BIND different forwarder based on response ip (rpz-ip)

I have a recursive BIND DNS server. forwarders { 8.8.8.8; }; Is it possible to change the forwarder based on response IP? For example, if the response is 192.168.1.1 then forward/redirect it to another forwarder? //if response…
2 votes, 2 answers

Can DNS RPZ firewalls protect against IP Access?

I am looking into DNS-RPZ firewalls. Can they protect against users browsing to http://{ip-address}? If so how does that work? Given no name resolution is required?
2 votes, 1 answer

How to automatically rewrite response records obtained using recursion in BIND?

I'm using Bind 9.9.4 on a hypervisor (let's call the hypervisor A) for VMs. The hypervisor has a VPN connection to a different host (let's call it B), which also has a public IP. The bind on hypervisor A is used by the VMs and won't answer requests…
1 vote, 0 answers

Why does my Bind RPZ config work for one host, but not the other (SERVFAIL)

I have some hosts in a DMZ which need to use LDAP resources on the LAN. We don't forward DNS into the LAN, so instead of adding entries in individual /etc/hosts, I decided to try a Bind RPZ zone to handle DNS to keep all the workarounds in one…
Server Fault (3,884)
1 vote, 1 answer

serve the root zone with bind and utilize RPZ

I have some problems with configuring BIND as my private server at root zone. I have tried the dot "." (had read somewhere) and an empty string "" (my bad guess) as for the root zone identifier (which both have syntax errors) zone "." { ; sorry …
F.I.V (139)
1 vote, 1 answer

Certificate Errors on "redirection" in DNS RPZ of https/ssl

I've set up a DNS RPZ where I "redirect" users to a walled garden using DNS RPZ records when users try to access a list of bad sites. Let's say a user tries to access badsite.com. The redirection to my walled garden for http connections works but…
1 vote, 2 answers

Bind9 Response Policy ignoring out-of-zone data

I'm trying to set up response policy on my existing Bind9 server because I'd like to override some of my company public domain to redirect them to our private network ips. I've followed this tutorial…
Ror (383)
1 vote, 0 answers

Is there a way to block a specific query type on bind

I've been trying to find a way to block the WKS query type from our bind servers. We have found that it is extensively used by tunneling software. I tried using RPZ but I'm not sure how to block a query type instead of a domain. However there seems…
1 vote, 0 answers

Why does BIND perform a double query before answering NXDOMAIN for a RPZ (response-policy zone)?

The goal is to have a local DNS server with the following specifics: a split DNS setup that resolves a FQDN (e.g. localdomain.com) to a local IP instead of the external IP; use an RPZ (response policy zone) to answer certain DNS lookups with an NXDOMAIN…