On Sun, Apr 29, 2018 at 08:27:34AM +0530, Blason R wrote: > Hi Team, > Can someone please confirm if below stuff I found pertaining to BIND can be > implemented with DNS RPZ? If yes can someone please point me to the > appropriate document? > Domain Based Reputational Data > > With the release of BIND 9.8.1 a *new* reputational mechanism is available, > this time for use by DNS resolvers. An organisation is able to receive a > reputational data feed describing internet domains that have a 'poor' > reputation. A poor reputation is usually based on the delivery of malware, > or other forms of nefarious internet activity. > > The ISC have provided an efficient standardised mechanism for the use of > reputational data by recursive DNS resolvers and have left the provision of > the reputational data itself to professional organisations that specialize > in this type of information. Additionally, the response that shall be given > to a client attempting to resolve a domain which is listed amongst those > with a 'poor' reputation is left to the local organisation to decide.
This is basically RPZ. "reputational data feed" is basically a response policy zone. There are feed providers such as Spamhaus, Farsight Security, etc. E.g., see this: https://www.spamhaus.org/news/article/669 Mukund _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
