Re: scripts-to-block-domains

2020-07-14 Thread Grant Taylor via bind-users
On 7/14/20 12:08 AM, MEjaz wrote:
> Thanks for everyone's contribution. I use RPZ and listed 5000 forged domains to block it in a particular zone without having additional zones, I hope that's the feature of RPZ, Seems good.

You might want to look through those domains and see if there are

RE: scripts-to-block-domains

2020-07-14 Thread MEjaz
Ok, I will take care next time will -Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of @lbutlr Sent: Tuesday, July 14, 2020 10:28 AM To: bind-users Subject: Re: scripts-to-block-domains On 14 Jul 2020, at 00:31, MEjaz wrote: > Please

Re: scripts-to-block-domains

2020-07-14 Thread @lbutlr
On 14 Jul 2020, at 00:31, MEjaz wrote: > Please do not post images. Copy and paste the text. (Over 100 lines of quoted lines with no content deleted)
--
I WILL NOT BARF UNLESS I'M SICK Bart chalkboard Ep. 8F15

RE: scripts-to-block-domains

2020-07-14 Thread MEjaz
Thanks for your quick response, I did that here is the statement in option section. -Original Message- From: Daniel Stirnimann [mailto:daniel.stirnim...@switch.ch] Sent: Tuesday, July 14, 2020 9:25 AM To: MEjaz ; bind-users@lists.isc.org Subject: Re: scripts-to-block

Re: scripts-to-block-domains

2020-07-14 Thread Daniel Stirnimann
Hello Mohammed,

I don't see that you specified a "response-policy" [1] statement. You need something like this as well:

    response-policy {
        zone "rpz.local" policy given;
    }
    // Apply RPZ policy to DNSSEC signed zones
    break-dnssec yes;

[1]

RE: scripts-to-block-domains

2020-07-14 Thread MEjaz
eclick.net.rpz.local -Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Grant Taylor via bind-users Sent: Monday, July 13, 2020 10:45 PM To: bind-users@lists.isc.org Subject: Re: scripts-to-block-domains On 7/13/20 12:44 AM, MEjaz wrote: > Hell al

Re: scripts-to-block-domains

2020-07-13 Thread Grant Taylor via bind-users
On 7/13/20 12:44 AM, MEjaz wrote:
> Hello all,

Hi,

> I have a requirement from our national Cyber security to block several thousand forged domains from our recursive servers, Is there any way we can add clause in named.conf to scan such bogus domain list without impacting the performance of

Re: scripts-to-block-domains

2020-07-13 Thread Daniel Stirnimann
Hello Mohammed,

You can use RPZ (Response Policy Zone). The following link should give you a good introduction on how to set this up:

Building DNS Firewalls with Response Policy Zones (RPZ)
https://kb.isc.org/docs/aa-00525

Daniel

On 13.07.20 08:44, MEjaz wrote:
> Hello all,