RPZ Action
Sunday, April 5, 2015

The RPZ standard provides many actions that can be taken when a trigger fires. Triggers can fire on client requests or on the responses returned by remote DNS servers. The action determines what the requesting client receives back from the DNS server it is querying. The DNS server can reply with No Domain, No Data for the Domain, Whitelist, or a Rewritten record. For BIND 9 there are two more actions available: Tar-pitting and Quench.
Posted by Jason Robertson in BIND DNS at 12:46
Last modified on 2015-04-05 18:27
RPZ Triggers
Sunday, December 28, 2014

Triggers operate from least specific to most specific.

QNAME Trigger
The most common way of triggering RPZ is the QNAME trigger, which matches on the domain name of the requested site. The name must match exactly, except for wildcard matching, which will only replace one level of the domain name. The domain name has the name of the RPZ zone appended to it, such as www.domain.com.rpz.zone. Examples of domains that would be valid are:
Examples of the domains that would be invalid are:
Request IP Trigger (rpz-ip)
RPZ can match the IP address returned for a request from the DNS server. This allows for an exception, or for blocking a site that has many domain names assigned to it, such as a virtual hosting company. Part of this format is the prefix length giving the network size: for IPv4 this is a mask between 0 and 32, and for IPv6 between 0 and 128. For IPv6 addresses, you can remove the zero ("00") groups and replace them with zz.
Client IP Trigger (rpz-client-ip)
RPZ may also match the client's IP address. This is designed to block DDoS amplifiers or zombied clients: it applies an action to a specific client without obeying the other triggers, which in effect can prevent that client from resolving any addresses.
Nameserver Domain Name (rpz-nsdname)
RPZ can also operate on the hostname of a domain's nameserver, taking an action for any query that comes from a specific DNS server and for any domains that server is authoritative for.
Nameserver IP Address (rpz-nsip)
RPZ also provides a method of operating on the IP address of a domain's nameserver, taking an action for any query that comes from a specific DNS server and for any domains that server is authoritative for. (Please note that in the example 8.8.8.8 is not authoritative, so this entry will not work.)
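To tie the two entries together, here is an added Python example (my own illustration, not code from this blog or from BIND) that encodes each trigger type described above into the owner names an RPZ zone uses, attaches an action to each, and renders a complete zone file. The zone name rpz.zone, the domain names and the addresses are constructed samples. The action RDATA follows the RPZ format (NXDOMAIN, NODATA, PASSTHRU, DROP, TCP-ONLY); I take DROP and TCP-ONLY to be the Quench and Tar-pitting actions named in the "RPZ Action" entry, which is my reading rather than a statement the post makes. Host bits beyond the prefix are masked off, and an IPv6 "::" is written as the "zz" label the post mentions.

```python
import ipaddress

# RPZ expresses the action as the RDATA placed on the trigger's owner name.
# The special CNAME targets below are defined by the RPZ format; "local data"
# (the rewrite action) is just an ordinary A/AAAA/CNAME record instead.
ACTIONS = {
    "nxdomain": "CNAME .",               # answer NXDOMAIN ("No Domain")
    "nodata":   "CNAME *.",              # answer NODATA ("No Data for the Domain")
    "passthru": "CNAME rpz-passthru.",   # whitelist: answer normally
    "drop":     "CNAME rpz-drop.",       # assumed to be the post's "Quench": send no response
    "tcp-only": "CNAME rpz-tcp-only.",   # assumed to be the post's "Tar-pitting": force TCP retry
}

def encode_ip(cidr, suffix):
    """Owner name for rpz-ip / rpz-client-ip / rpz-nsip triggers.

    IPv4: <prefix>.<B4>.<B3>.<B2>.<B1>.<suffix>  (octets reversed).
    IPv6: groups of the RFC 5952 text form reversed, with '::' written as 'zz'.
    Host bits beyond the prefix are masked off (strict=False).
    """
    net = ipaddress.ip_network(cidr, strict=False)
    text = net.network_address.compressed
    if net.version == 4:
        groups = text.split(".")
    elif "::" in text:
        left, right = text.split("::")
        groups = (left.split(":") if left else []) + ["zz"] + (right.split(":") if right else [])
    else:
        groups = text.split(":")
    return f"{net.prefixlen}." + ".".join(reversed(groups)) + f".{suffix}"

def encode_nsdname(nameserver):
    """Owner name for an rpz-nsdname trigger (exact or wildcard nameserver name)."""
    return f"{nameserver.rstrip('.')}.rpz-nsdname"

def rpz_record(owner, action, zone="rpz.zone"):
    """One RPZ record. 'action' is a key of ACTIONS or raw local-data RDATA such as 'A 192.0.2.10'."""
    rdata = ACTIONS.get(action, action)
    return f"{owner}.{zone}. IN {rdata}"

def build_zone(rules, zone="rpz.zone", serial=1):
    """Render a complete RPZ zone file from (owner, action) pairs."""
    header = [
        f"$ORIGIN {zone}.",
        "$TTL 300",
        f"@ IN SOA localhost. hostmaster.{zone}. {serial} 3600 600 86400 300",
        "@ IN NS localhost.",
    ]
    return "\n".join(header + [rpz_record(o, a, zone) for o, a in rules]) + "\n"

# Constructed sample policy covering each trigger type from the post (hypothetical names/addresses).
SAMPLE_RULES = [
    ("www.malware.example", "nxdomain"),                        # QNAME trigger
    ("*.phish.example", "A 192.0.2.10"),                        # QNAME wildcard, rewrite to a sinkhole
    (encode_ip("203.0.113.0/24", "rpz-ip"), "nodata"),          # response-IP trigger
    (encode_ip("2001:db8::/32", "rpz-ip"), "drop"),             # IPv6 response-IP trigger, '::' -> zz
    (encode_ip("192.0.2.55/32", "rpz-client-ip"), "tcp-only"),  # client-IP trigger (tar-pit a suspect client)
    (encode_nsdname("ns1.badhost.example"), "nxdomain"),        # nameserver-name trigger
    (encode_ip("198.51.100.53/32", "rpz-nsip"), "nxdomain"),    # nameserver-IP trigger
    ("bank.example", "passthru"),                               # whitelist exception
]

if __name__ == "__main__":
    print(build_zone(SAMPLE_RULES))
```

Running the script prints the zone; the IPv6 line comes out as 32.zz.db8.2001.rpz-ip.rpz.zone. IN CNAME rpz-drop., showing the reversed groups and the zz label in place of "::". Before loading a generated zone, check it with named-checkzone so a malformed owner name is caught at load time rather than silently never matching.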
Posted by Jason Robertson in BIND DNS at 20:35
Last modified on 2015-02-03 19:50