Hello,

Rear View RPZ (https://github.com/m3047/rear_view_rpz) is now generally available: turn your local BIND resolver into a network investigation enabler with locally generated PTR records.

Ok, sure, some of you may be using it as a network investigation tool already. If so, you're probably well aware of the problems with PTR records for local visibility:

* Whoever controls the address space, not the domain, controls the PTR record.
* They don't necessarily get updated when domains get updated.
* Network owners lie.
* The records are just ignored.
* Many FQDNs can point at an address (vhosting).
* CNAMEs confound the intent of PTR records.

What FQDN did /YOUR/ users look up which resolved to that address? Rear View RPZ can tell you.

To have success with it in its present state:

* You should be familiar with configuring BIND.
* You should be capable of building it from source.
* You should be capable of resolving prerequisites (e.g. frame streams, protobuf) when doing so.
* You should be familiar with Python syntax.
* You should understand a systemd service file.

And I have one small favor to ask: if you know of a Linux distribution which ships BIND compiled with Dnstap support, please let me know!

Cheers...

--
Fred Morris

This is being posted to the Dnstap, RPZ and BIND Users mailing lists.