DNS Firewall RPZ implementation on ISPCONFIG 3 Environment

Discussion in 'General' started by Maile Halatuituia, Jun 20, 2016.

  1. Anyone with experience of implementing RPZ in an ISPCONFIG DNS setup, please share a working setup.
    Thanks in advance
     
  2. Anyone have any input ... I really appreciate any info or directions please.
    Thanks in advance
     
  3. I have managed to figure this out; I will post the details soon ....
     
  4. (five30.othihmm.ru): view myview: rpz QNAME NXDOMAIN rewrite five30.othihmm.ru via five30.othihmm.ru.whiteandblacklist.blahblahblah ....
    This is part of the DNS requests from several of my clients, where my RPZ-enabled DNS rewrites its response based on predetermined bad domains. ..... After searching for over two weeks, I have now managed to set it up correctly and it works perfectly. The good part is that it can block domain-based malware using domain names. Now I can block not only domains, but also networks and, more importantly, nameservers that serve these bad domains. Having said that, I am sure it is possible to block hundreds or even thousands of bad domains using this BIND feature. ..... Because I am using different views, I include this one line in every view I have in named.conf.options
    response-policy { zone "whiteandblacklist.internal.org"; };

    Then in my view's config file, like named.viewname.conf, which is also included in each view, I define my zone and the zone file.

    And in my zone file I set this to block all domains ending with .ru.
    *.ru 3600 IN CNAME .
    Note: It is important to include the dot at the end, because that will tell BIND to reply with NXDOMAIN to clients that query the domain.
    If you want to allow certain subdomains, you can include a line like this before the line above.
    anysubdomain.ru 3600 IN CNAME rpz-passthru.

    I hope this will help someone out there ...
    cheers
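
Added example (not part of the original post, and not ISPConfig or BIND code): a small Python linter for the CNAME policy records of an RPZ zone file, built around the trailing-dot note in the post above. It goes beyond the post's two records by also recognising the other special RPZ targets and absolute owner names; the function name, the `oops.ru` and `*.example.ru.` sample records, and the assumption that no `$ORIGIN` directive changes the origin are mine.

```python
# Added example: lint the CNAME policy records of an RPZ zone file.
# Special CNAME targets BIND's RPZ recognises; each must be written absolute.
ACTIONS = {".": "NXDOMAIN", "*.": "NODATA", "rpz-passthru.": "PASSTHRU",
           "rpz-drop.": "DROP", "rpz-tcp-only.": "TCP-ONLY"}

def lint_rpz(zone_text, origin):
    """Return [(owner, action, warning_or_None)] for every CNAME record."""
    origin = origin.lower().rstrip(".") + "."   # assumes no $ORIGIN override
    results, owner = [], "@"
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, tokenise
        if not fields or fields[0].startswith("$"):
            continue
        if not raw[0].isspace():                # owner names start in column 1
            owner, fields = fields[0].lower(), fields[1:]
        upper = [f.upper() for f in fields]
        if "CNAME" not in upper or upper.index("CNAME") + 1 >= len(fields):
            continue
        target = fields[upper.index("CNAME") + 1].lower()
        warning = None
        if target in ACTIONS:
            action = ACTIONS[target]
        else:
            action = "REWRITE"                  # ordinary CNAME: answer rewritten
            if target + "." in ACTIONS:         # special name written relative
                warning = (f"'{target}' has no trailing dot, so it expands to "
                           f"{target}.{origin} instead of {ACTIONS[target + '.']}")
        # An absolute owner outside the policy zone is out-of-zone data.
        if owner.endswith(".") and not ("." + owner).endswith("." + origin):
            warning = f"owner '{owner}' is absolute and outside {origin}"
        results.append((owner, action, warning))
    return results

# Constructed sample: the two records from the post plus two common mistakes.
SAMPLE = """\
anysubdomain.ru 3600 IN CNAME rpz-passthru.
*.ru            3600 IN CNAME .
oops.ru         3600 IN CNAME rpz-passthru
*.example.ru.   3600 IN CNAME .
"""

if __name__ == "__main__":
    for owner, action, warning in lint_rpz(SAMPLE, "whiteandblacklist.internal.org"):
        print(f"{owner:<18} {action:<9} {warning or 'ok'}")
```

Trigger owner names stay relative to the policy zone (no trailing dot), while the special CNAME targets must be absolute.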
     
