DNS RPZ: How to configure it
Hello, I've created my own DNS lab and wanted to test RPZ on it. As far as I know, RPZ is a DNSEXPRESS zone that needs to be declared as RPZ in the CACHE profile (the one that will be used in the listener's DNS profile).
This also means that you can create your own RPZ using local BIND and then "import" it as a DNSEXPRESS zone. The theory seems to be easy, but I am still unable to get an NXDOMAIN response for a certain domain configured as RPZ (the Logs and Stats Only option is disabled).
So this is my environment:
ZONERUNNER: one zone "malware.com" (not quite original, I know) with three A records: test1.malware.com, malware.com and
DNSEXPRESS zone malware.com imported and designated as RPZ (checked that the zone transfers were done OK). CACHE PROFILE = RESOLVER + RPZ "malware.com"
DNS profile = Default with DNSSEC, GSLB, DNSEXPRESS and Local BIND disabled, while CACHE is enabled with the CACHE named resolver.
I thought that with this config all the queries that match an RPZ would be answered with NXDOMAIN (in my case, I'm not interested in WALLED GARDEN yet).
In summary, I have two questions about this. The first one is: does anybody know what I am doing wrong? The second one is: how can I add more than one RPZ zone to the CACHE? (I do understand the concept of blocking one DNSEXPRESS zone, but how does it work with SPAMHAUS, which contains millions of different domains?)
Thanks
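As an added illustration of what a BIND-style RPZ zone looks like before it is imported as a DNS Express zone (example code written for this page, not the poster's configuration): in RPZ the policy for a name is carried by a CNAME record whose target encodes the action ("." gives NXDOMAIN, "*." gives NODATA, "rpz-passthru." lets the name resolve normally). The zone text below is constructed, the RPZ zone name rpz.example is assumed, and the small evaluator applies the RPZ QNAME-trigger rule (exact match first, then the closest enclosing wildcard) so you can check which answer a resolver honouring the policy would return for the lab names.

```python
"""RPZ policy lookup over a constructed BIND-style RPZ zone file (added example)."""

# Constructed sample RPZ zone. Owner names are relative to the assumed origin
# rpz.example, so "malware.com" is the trigger for the real name malware.com.
# The CNAME target encodes the action: "." -> NXDOMAIN, "*." -> NODATA,
# "rpz-passthru." -> resolve normally.
RPZ_ZONE = """\
$ORIGIN rpz.example.
$TTL 300
@                    SOA   ns.rpz.example. hostmaster.rpz.example. 1 3600 600 86400 300
@                    NS    ns.rpz.example.
malware.com          CNAME .              ; NXDOMAIN for the apex
*.malware.com        CNAME .              ; NXDOMAIN for every subdomain
test2.malware.com    CNAME *.             ; NODATA: name exists, no records
allowed.malware.com  CNAME rpz-passthru.  ; exception: resolve normally
"""

ACTIONS = {".": "NXDOMAIN", "*.": "NODATA", "rpz-passthru.": "PASSTHRU"}


def parse_rpz(zone_text):
    """Return {trigger_name: action} from the CNAME policy records of an RPZ zone."""
    rules = {}
    for line in zone_text.splitlines():
        line = line.split(";")[0].strip()          # drop trailing comments
        if not line or line.startswith(("$", "@")):  # directives, SOA/NS at apex
            continue
        fields = line.split()
        if len(fields) >= 3 and fields[1].upper() == "CNAME":
            rules[fields[0].lower()] = ACTIONS.get(fields[2], "LOCAL-DATA:" + fields[2])
    return rules


def rpz_lookup(rules, qname):
    """RPZ QNAME-trigger semantics: an exact trigger wins, otherwise the closest
    enclosing wildcard trigger; a name with no trigger resolves normally."""
    qname = qname.rstrip(".").lower()
    if qname in rules:
        return rules[qname]
    labels = qname.split(".")
    for i in range(1, len(labels)):                # try *.b.c, then *.c, ...
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in rules:
            return rules[wildcard]
    return "RESOLVE"


if __name__ == "__main__":
    policy = parse_rpz(RPZ_ZONE)
    for q in ("malware.com", "test1.malware.com", "test2.malware.com",
              "allowed.malware.com", "www.example.org"):
        print(f"{q:24} -> {rpz_lookup(policy, q)}")
```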