On 03/28/2018 12:51 AM, Blason R wrote:
> Interesting, I didn't know that. Let me dig in... can I have a few examples please?
RPZ zones are effectively standard zones. The only difference is that the CNAME record is used to convey information to the RPZ engine (? is that an accurate description ?) that special action should be taken.
I have messed with a project where I download newly registered domains daily and build an RPZ zone. The intention is that I can make it appear as if domains registered within the last 1 / 7 / 14 / 28 days do not exist on my personal DNS server. The records look like the following:

    example.com     CNAME .
    *.example.com   CNAME .
    example.net     CNAME .
    *.example.net   CNAME .
    example.org     CNAME .
    *.example.org   CNAME .

As you can see, this is really two records per domain. One for the domain w/o any subordinates, and one for the domain subordinates.
I've been collecting newly registered domains for ~4 months and here's the number for each month thus far.

    2017-12: 2,110,518 (Started collecting December 3rd.)
    2018-01: 2,932,808
    2018-02: 3,040,718
    2018-03: 3,010,168 (Still missing a few days.)

I did test all of December's records in a single RPZ zone file, and they worked okay. I only say okay because it took close to a minute for named to start up and my naive OS's start up script coughed up a fur ball after 30 seconds. named was quite happy if I gave it an additional 30 seconds.
Note: This was running on a 1.6 GHz AMD Dual-Core E-350 APU w/ 8 GB of memory. More power efficient than a server. ¯\_(ツ)_/¯
-- 
Grant. . . .
unix || die
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
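An added example, not part of the message above and not the poster's own tooling: one way to turn a feed of newly registered domains into the two-records-per-domain RPZ zone the message describes, keeping only domains inside a chosen age window. The function names, the `localhost.` SOA/NS values, the serial and the sample registration dates are assumptions made for illustration.

```python
import re
from datetime import date

# One DNS label: letters, digits, hyphen; no leading/trailing hyphen; max 63 chars.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def normalize(name):
    """Return a lowercase name without trailing dot, or None if it is unusable."""
    name = name.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:
        return None
    return name if all(LABEL.fullmatch(l) for l in labels) else None

def build_rpz(entries, today, max_age_days, serial):
    """entries: iterable of (domain, registration_date). Returns zone file text."""
    keep = set()  # a set drops duplicates such as 'Example.COM.' vs 'example.com'
    for domain, registered in entries:
        name = normalize(domain)
        age = (today - registered).days
        if name and 0 <= age <= max_age_days:
            keep.add(name)
    lines = [
        "$TTL 300",
        # Assumed placeholder SOA/NS; a zone needs both to load.
        f"@ SOA localhost. hostmaster.localhost. {serial} 3600 600 86400 300",
        "@ NS localhost.",
    ]
    for name in sorted(keep):
        # Owner names are relative to the RPZ zone origin, so no trailing dot.
        lines.append(f"{name} CNAME .")    # the domain itself
        lines.append(f"*.{name} CNAME .")  # everything beneath it
    return "\n".join(lines) + "\n"

# Constructed sample input (domains from the message, dates invented).
SAMPLE = [
    ("example.com", date(2018, 3, 27)),
    ("Example.COM.", date(2018, 3, 27)),       # duplicate after normalizing
    ("example.net", date(2018, 3, 10)),        # 18 days old on 2018-03-28
    ("example.org", date(2018, 2, 1)),         # older than every window
    ("bad_name!.example", date(2018, 3, 27)),  # rejected: invalid label
]

if __name__ == "__main__":
    print(build_rpz(SAMPLE, date(2018, 3, 28), 7, 2018032801))
```

Running it with a window of 7 emits only the `example.com` pair; widening the window to 28 adds the `example.net` pair.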