RE: scripts-to-block-domains

2020-07-13 Thread MEjaz
Thanks for your quick response. I did that; here is the statement in the option section. -Original Message- From: Daniel Stirnimann [mailto:daniel.stirnim...@switch.ch] Sent: Tuesday, July 14, 2020 9:25 AM To: MEjaz ; bind-users@lists.isc.org Subject: Re: scripts-to-block-

Re: scripts-to-block-domains

2020-07-13 Thread Daniel Stirnimann
Hello Mohammed,

I don't see that you specified a "response-policy" [1] statement. You need something like this as well:

    response-policy {
        zone "rpz.local" policy given;
    }
    // Apply RPZ policy to DNSSEC signed zones
    break-dnssec yes;

[1] https://ftp.isc.org/isc/bind9/cur/9.16/doc/arm/html/ref

RE: scripts-to-block-domains

2020-07-13 Thread MEjaz
Hello all, Thanks for everyone's contribution. I use RPZ and listed 5000 forged domains to block in a particular zone without having additional zones, I hope that's the feature of RPZ, Seems good. Below is a snippet for your review for the zone and file db.rpz.local which was copi

Re: scripts-to-block-domains

2020-07-13 Thread Grant Taylor via bind-users
On 7/13/20 12:44 AM, MEjaz wrote: Hello all, Hi, I have a requirement from our national Cyber security to block several thousand forged domains from our recursive servers, Is there any way we can add a clause in named.conf to scan such bogus domain list without impacting the performance of

Re: scripts-to-block-domains

2020-07-13 Thread Daniel Stirnimann
Hello Mohammed, You can use RPZ (Response Policy Zone). The following link should give you a good introduction on how to set this up: Building DNS Firewalls with Response Policy Zones (RPZ) https://kb.isc.org/docs/aa-00525 Daniel On 13.07.20 08:44, MEjaz wrote: > Hello all,