Re: scripts-to-block-domains

2020-07-13 Thread Grant Taylor via bind-users

On 7/13/20 12:44 AM, MEjaz wrote:

> Hello all,


Hi,

> I have a requirement from our national Cyber security to block several
> thousand forged domains from our recursive servers. Is there any way we
> can add a clause in named.conf to scan such bogus domain list without
> impacting the performance of the servers?


$RPZ++

If you can't use RPZ, then you /can/ create skeleton zones to make your 
server authoritative for the zones in question.  However, there are 
drawbacks to this regarding performance based on the number and size of 
all the additional zones.


I would strongly recommend RPZ, or the new Response Policy Service, 
which there are a few commercial implementations of.  RPS is for DNS 
what milters are for mail servers.


  RPZ is a "static" list.
  RPS is an active / dynamic service.

Note:  Response Policy Zones can be updated via normal dynamic DNS methods.



--
Grant. . . .
unix || die



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
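
What the RPZ approach recommended in this thread can look like in practice, as an added example that is not part of the original messages: a Python script that turns a domain list into an RPZ zone answering NXDOMAIN (`CNAME .`) for each name and its subdomains, plus the matching named.conf fragment. The zone name `rpz.blocklist.example`, the zone file name, the serial and the sample feed are assumptions constructed for illustration.

```python
import re

ORIGIN = "rpz.blocklist.example"  # assumed policy-zone name, not from the thread
# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def normalize(raw):
    """Return a clean lower-case domain from one feed line, or None to skip it."""
    name = raw.split("#", 1)[0].strip().lower().rstrip(".")
    try:
        name = name.encode("idna").decode("ascii")  # IDN -> punycode
    except UnicodeError:
        return None
    labels = name.split(".")
    # "*.<name>.<ORIGIN>" must still fit in a DNS name; bare TLDs are refused
    # so that one bad feed line can never block all of ".com".
    if len(labels) < 2 or len(name) + 3 + len(ORIGIN) > 253:
        return None
    return name if all(_LABEL.fullmatch(l) for l in labels) else None

def build_rpz(lines, serial=2020071301):
    """Render the RPZ zone text; returns (zone_text, sorted unique names)."""
    names = sorted({n for n in map(normalize, lines) if n})
    out = ["$TTL 300",
           f"@ IN SOA localhost. hostmaster.localhost. ({serial} 3600 600 86400 300)",
           "@ IN NS localhost."]
    for n in names:
        out += [f"{n} CNAME .", f"*.{n} CNAME ."]  # the name, then all below it
    return "\n".join(out) + "\n", names

def named_conf(zone_file="rpz.blocklist.example.db"):  # assumed file name
    """named.conf fragment; the first line belongs inside the options block."""
    return (f'response-policy {{ zone "{ORIGIN}"; }};\n'
            f'zone "{ORIGIN}" {{ type master; file "{zone_file}"; '
            f'allow-query {{ localhost; }}; }};\n')

# Constructed sample feed (reserved example names, not real indicators).
SAMPLE = """\
# national CERT feed (constructed)
Bad-Login.example
bad-login.example.
phish.example.net   # duplicate-safe, comment stripped
com
bad_name.example
-dash.example
""".splitlines()

if __name__ == "__main__":
    zone, _ = build_rpz(SAMPLE)
    print(zone + named_conf())
```

Running `named-checkzone rpz.blocklist.example <file>` on the generated zone before loading it catches syntax problems without touching the running resolver.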


Re: scripts-to-block-domains

2020-07-13 Thread Daniel Stirnimann
Hello Mohammed,

You can use RPZ (Response Policy Zone). The following link should give
you a good introduction on how to set this up:

Building DNS Firewalls with Response Policy Zones (RPZ)
https://kb.isc.org/docs/aa-00525

Daniel


On 13.07.20 08:44, MEjaz wrote:
> Hello all,
>
> I have a requirement from our national Cyber security to block several
> thousand forged domains from our recursive servers. Is there any way we
> can add a clause in named.conf to scan such bogus domain list without
> impacting the performance of the servers?
>
> Thanks in advance.. for the usual contribution.
> 
> Thanks,
> 
> Mohammed Ejaz
> 
> Asst. Operation Director of Systems.
> 
> Cyberia SAUDI ARABIA
> 
> P.O.Box: 301079, Riyadh 11372
> 
> Phone:  (+966) 11 464 7114 Ext. 140
> 
> Mobile:  (+966) 562311787
> 
> Fax:  (+966) 11 465 4735
> 
> Website: http://www.cyberia.net.sa


scripts-to-block-domains

2020-07-13 Thread MEjaz
Hello all,

I have a requirement from our national Cyber security to block several
thousand forged domains from our recursive servers. Is there any way we can
add a clause in named.conf to scan such bogus domain list without impacting
the performance of the servers?

Thanks in advance.. for the usual contribution.

Thanks,

Mohammed Ejaz

Asst. Operation Director of Systems.

Cyberia SAUDI ARABIA

P.O.Box: 301079, Riyadh 11372

Phone:  (+966) 11 464 7114 Ext. 140

Mobile:  (+966) 562311787

Fax:  (+966) 11 465 4735

Website: http://www.cyberia.net.sa

 

 
