Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.protocols.dns.bind > #15975

Re: scripts-to-block-domains

From Daniel Stirnimann <daniel.stirnimann@switch.ch>
Newsgroups comp.protocols.dns.bind
Subject Re: scripts-to-block-domains
Date 2020-07-13 09:34 +0200
Message-ID <mailman.702.1594625689.942.bind-users@lists.isc.org> (permalink)
References <117301d658e1$0f6966a0$2e3c33e0$@cyberia.net.sa> <d053e782-ac67-f0df-a395-a3c1e9eda46a@switch.ch>

Show all headers | View raw

Hello Mohammed,

You can use RPZ (Response Policy Zone). The following link should give
you a good introduction on how to set this up:

Building DNS Firewalls with Response Policy Zones (RPZ)
https://kb.isc.org/docs/aa-00525

Daniel


On 13.07.20 08:44, MEjaz wrote:
> Hell  all,
> 
>  
> 
>  
> 
> I have an requirement from our  national Cyber security to block several
> thousand forged domains from our recursive servers, Is there any way we
> can add clause in named.conf to scan such bogus domain list without
> impacting the performance of the servers.
> 
>  
> 
> Thanks in advance.. for the usual contribution.
> 
>  
> 
>  
> 
> Thanks,
> 
> Mohammed Ejaz
> 
> Asst. Operation Director of Systems.
> 
> Cyberia SAUDI ARABIA
> 
> P.O.Box: 301079, Riyadh 11372
> 
> Phone:  (+966) 11 464 7114 Ext. 140
> 
> Mobile:  (+966) 562311787
> 
> Fax:      (+966) 11 465 4735
> 
> Website: http://www.cyberia.net.sa

Back to comp.protocols.dns.bind | Previous | Next | Find similar

Thread

Re: scripts-to-block-domains Daniel Stirnimann <daniel.stirnimann@switch.ch> - 2020-07-13 09:34 +0200

csiph-web