Response Policy Zones are a form of DNS firewall that define policy actions within a DNS zone file.
Questions tagged [rpz]
25 questions
0 votes, 1 answer
Wildcards in RPZ (response policy zones)
Is it possible to have wildcard domains in the middle of a domain name using response policy zones? For example s3.*.amazonaws.com.
If this is not possible, is there a technology that can do this?

stena
0 votes, 2 answers
Get DNS 'Additional section' using Windows (nslookup option?)
I can use dig to get the full master file output of DNS info, and for my problem I am interested in the information in the "additional" section:
$ dig example.com
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> example.com
;; global options: +cmd
;;…

Watki02
0 votes, 2 answers
With BIND 9 how can I match-clients in multiple views?
BIND appears to be looking at the configuration file from top-down and assigning queries to the first matching view based on match-clients. According to http://www.zytrax.com/books/dns/ch7/view.html that's exactly how it's supposed to work.
In my…
user74078
0 votes, 1 answer
Why does nslookup not return what I am expecting from my bind server? (RPZ configured)
Prior to this question I was looking for some help in finding a way to return a different response to querying clients based on their IP Address. The question was answered here: How can I selectively override some A records on a Bind DNS Server?
I…

Kladskull
0 votes, 0 answers
Sometimes, Bind9 will return the recursive record after I configure the response policy zone
I configured a response policy zone in my DNS server and I use that to block two domains.
This is my zone file.
$TTL 1
$ORIGIN rpztest.
@ IN SOA ns1.fati. ns2.fati. (
1 ; Serial
…

北山硝子
0 votes, 0 answers
Bind9 how to use RPZ zone for specific subnets
I already have 1 master (192.168.130.32), 4 slaves (192.168.130.35) and 2 authoritative (192.168.130.33) servers with bind9.
My point is to get RPZ (192.168.130.37) from external DNS servers, but I want to split this configuration, for example:
I have two…

robotiaga
0 votes, 2 answers
How to set up whitelisting on a DNS forwarding server with BIND9?
I have set up a DNS forwarding server on Ubuntu 20.04 LTS using Bind 9. I need to implement DNS whitelisting, however, I have not found any tutorials which explain how to set it up. I have tried looking at information about Response Policy Zones…

jefazo92
0 votes, 2 answers
Bind9 Response Policy ignoring out-of-zone data
I'm trying to set up a response policy on my existing Bind9 server because I'd like to override some of my company's public domains to redirect them to our private network IPs.
I've followed this tutorial…

Ror
0 votes, 1 answer
Overriding a .local Domain to a Public IP
I am using a BIND9 DNS server for my org, and I have an application that was published with a .local domain: example.website.local. There is a .com alternative that I want to re-map the .local to using the DNS server, but I don't know if it will be…

TrivPants
-2 votes, 2 answers
Block IP in DNS Zone File (Instead of Domain)
I'm using bind9 DNS server. I used to block websites using their domain name in RPZ zone file such as:
malicious.example CNAME .
But I need to block an IP rather than a domain, such as:
192.0.2.4 CNAME .
How can I do this? Or, is the above…