Forum Discussion

Javier_124486
Feb 12, 2017

DNS RPZ How to configure it

Hello, I've created my own DNS lab and wanted to test RPZ on it. As far as I know, RPZ is a DNSEXPRESS zone that needs to be declared as RPZ in the CACHE profile (the one that will be used in the listener's DNS profile).

This also means that you can create your own RPZ using local BIND and then "import" it as a DNSEXPRESS zone. The theory seems to be easy, but I am still unable to get an NXDOMAIN response for certain domains configured as RPZ (the Logs and Stats Only option is disabled).

So this is my environment:

ZONERUNNER: One zone "malware.com" (not quite original, I know) with three A records: test1.malware.com, malware.com and

DNSEXPRESS zone malware.com imported and designated as RPZ (checked that the zone transfers were done OK). CACHE PROFILE = RESOLVER + RPZ "malware.com"

DNS profile = Default with DNSSEC, GSLB, DNSEXPRESS and LocalBind disabled, while CACHE is enabled with the CACHE name resolver.

I thought that with this config all the queries that match an RPZ would be answered with NXDOMAIN (in my case, not interested in WALLED GARDEN yet).

In summary, I have two questions about this. The first one is, does anybody know what I am doing wrong? The second one is, how can I add more than one RPZ zone to the CACHE? (I do understand the concept of blocking one DNSEXPRESS zone, but how does it work with SPAMHAUS, which contains millions of different domains?)

Thanks
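As an added example for this thread (not code from the original post and not F5's own), the snippet below parses a small RPZ zone and reports which policy action each trigger encodes, following the RPZ draft semantics: a CNAME to "." means NXDOMAIN, a CNAME to "*." means NODATA, and any non-CNAME record such as an A record is "local data" that the resolver returns as the answer instead of NXDOMAIN. The zone text is constructed, and the trigger name is the owner name with the policy zone's own name stripped, so a policy zone called malware.com needs the owner test1.malware.com.malware.com. to act on queries for test1.malware.com.

```python
# Added example (not from the post or F5): classify the QNAME triggers in an RPZ
# zone per RPZ draft semantics, assuming the constructed zone text below.

# Constructed sample: the policy zone itself is named "malware.com", as in the post.
RPZ_ZONE = """\
$ORIGIN malware.com.
@                  3600 IN SOA   ns1 hostmaster 1 3600 600 86400 60
@                  3600 IN NS    ns1
test1.malware.com  3600 IN CNAME .                      ; NXDOMAIN
test2.malware.com  3600 IN CNAME *.                     ; NODATA
allow.example      3600 IN CNAME rpz-passthru.          ; exempt from policy
ads.example        3600 IN CNAME sinkhole.example.net.  ; walled garden
test3              3600 IN A     192.0.2.10             ; local data, not NXDOMAIN
"""

# CNAME targets with special meaning in RPZ; any other CNAME target is local data
# pointing at a walled garden.
SPECIAL_CNAME = {".": "NXDOMAIN", "*.": "NODATA", "rpz-passthru.": "PASSTHRU",
                 "rpz-drop.": "DROP", "rpz-tcp-only.": "TCP-ONLY"}


def rpz_action(rtype, rdata):
    """Map one RR's type and RDATA to the policy action it encodes."""
    if rtype != "CNAME":
        # A non-CNAME RRset (an A record, say) is "Local Data": the resolver
        # answers with that record, so it never yields NXDOMAIN.
        return "LOCAL-DATA"
    return SPECIAL_CNAME.get(rdata, "WALLED-GARDEN:" + rdata)


def parse_rpz(zone_text):
    """Return {trigger qname: action} for the QNAME triggers in an RPZ zone."""
    origin, triggers = None, {}
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
        if owner == "@":
            continue  # apex SOA/NS are zone plumbing, not triggers
        if not owner.endswith("."):
            owner = owner + "." + origin  # relative owner -> absolute
        # The trigger qname is the owner with the policy zone's name stripped:
        # test1.malware.com.malware.com. in zone malware.com. matches test1.malware.com.
        triggers[owner[: -len(origin)]] = rpz_action(rtype, rdata.split()[0])
    return triggers
```

Calling parse_rpz(RPZ_ZONE) shows that only the two CNAME triggers produce NXDOMAIN or NODATA, while the A record trigger is answered with its own data.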

 

3 Replies

  • Yes, I checked it out, but got a little bit confused in the "Resource records to a custom RPZ" section. Replicated it completely and it worked. My fault, and now fixed. Cheers
