Knowledge Base ISC Main Website Ask a Question/Contact ISC
How do I create and maintain my DNS firewall policy rule set using DNS RPZ?
Author: Paul Vixie Reference Number: AA-00517 Views: 3988 Created: 2011-11-01 06:10 Last Updated: 2011-11-01 22:45 0 Rating/ Voters

In a DNS RPZ firewall, the policy rule set is contained in a DNS "zone", which can be transferred using normal "zone transfer" mechanisms. The master copy of your DNS firewall policy can be a DNS "zone file" which you either edit by hand, or which you generate from a database.  You can also edit a DNS zone indirectly using DNS dynamic updates (for example, using the "nsupdate" shell level utility.)  The format of the Response Policy Zone is described here: DNS Response Policy Zones - Specification - Format 3.

See also: Building DNS Firewalls with Response Policy Zones (RPZ)

© 2001-2014 Internet Systems Consortium

  • Please help us to improve the content of our knowledge base by letting us know how we can improve this article or by submitting suggestions for other articles you'd like to see created. Information on how to obtain further help on our products or services can be found on our main website.' If you have a technical question or problem on which you'd like help, we recommend searching our community mailing list archives and/or posting your question there (you will need to register there first for your posts to be accepted). The bind-users and the dhcp-users lists particularly have a long-standing and active membership.
Info Submit Feedback on this Article
Nickname: Your Email: Subject: Comment:
Enter the code below:
Quick Jump Menu