Re: How to implement DNS RPZ with Domain Based Reputation Data

2018-04-28 Thread Blason R 
Oh I see.. I thought this a kind of feature of BIND.

I got it now.

On Sun, Apr 29, 2018 at 8:38 AM, Mukund Sivaraman  wrote:

> On Sun, Apr 29, 2018 at 08:27:34AM +0530, Blason R wrote:
> >  Hi Team,
> > Can someone please confirm if below stuff I found pertaining to BIND can
> be
> > implemented with DNS RPZ? If yes can someone please point me to the
> > appropriate document?
> > Domain Based Reputational Data
> >
> > With the release of BIND 9.8.1 a *new* reputational mechanism is
> available,
> > this time for use by DNS resolvers. An organisation is able to receive a
> > reputational data feed describing internet domains that have a 'poor'
> > reputation. A poor reputation is usually based on the delivery of
> malware,
> > or other forms of nefarious internet activity.
> >
> > The ISC have provided an efficient standardised mechanism for the use of
> > reputational data by recursive DNS resolvers and have left the provision
> of
> > the reputational data itself to professional organisations that
> specialize
> > in this type of information. Additionally, the response that shall be
> given
> > to a client attempting to resolve a domain which is listed amongst those
> > with a 'poor' reputation is left to the local organisation to decide.
>
> This is basically RPZ. "reputational data feed" is basically a response
> policy zone. There are feed providers such as Spamhaus, Farsight
> Security, etc. E.g., see this:
>
> https://www.spamhaus.org/news/article/669
>
> Mukund
>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: How to implement DNS RPZ with Domain Based Reputation Data

2018-04-28 Thread Mukund Sivaraman 
On Sun, Apr 29, 2018 at 08:27:34AM +0530, Blason R wrote:
>  Hi Team,
> Can someone please confirm if below stuff I found pertaining to BIND can be
> implemented with DNS RPZ? If yes can someone please point me to the
> appropriate document?
> Domain Based Reputational Data
> 
> With the release of BIND 9.8.1 a *new* reputational mechanism is available,
> this time for use by DNS resolvers. An organisation is able to receive a
> reputational data feed describing internet domains that have a 'poor'
> reputation. A poor reputation is usually based on the delivery of malware,
> or other forms of nefarious internet activity.
> 
> The ISC have provided an efficient standardised mechanism for the use of
> reputational data by recursive DNS resolvers and have left the provision of
> the reputational data itself to professional organisations that specialize
> in this type of information. Additionally, the response that shall be given
> to a client attempting to resolve a domain which is listed amongst those
> with a 'poor' reputation is left to the local organisation to decide.

This is basically RPZ. "reputational data feed" is basically a response
policy zone. There are feed providers such as Spamhaus, Farsight
Security, etc. E.g., see this:

https://www.spamhaus.org/news/article/669

Mukund
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

How to implement DNS RPZ with Domain Based Reputation Data

2018-04-28 Thread Blason R 
 Hi Team,
Can someone please confirm if below stuff I found pertaining to BIND can be
implemented with DNS RPZ? If yes can someone please point me to the
appropriate document?
Domain Based Reputational Data

With the release of BIND 9.8.1 a *new* reputational mechanism is available,
this time for use by DNS resolvers. An organisation is able to receive a
reputational data feed describing internet domains that have a 'poor'
reputation. A poor reputation is usually based on the delivery of malware,
or other forms of nefarious internet activity.

The ISC have provided an efficient standardised mechanism for the use of
reputational data by recursive DNS resolvers and have left the provision of
the reputational data itself to professional organisations that specialize
in this type of information. Additionally, the response that shall be given
to a client attempting to resolve a domain which is listed amongst those
with a 'poor' reputation is left to the local organisation to decide.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users