Knowledge Base ISC Main Website Ask a Question/Contact ISC
Quick Jump Menu
Categories
There are no subcategories in this category.
1 Building DNS Firewalls with Response Policy Zones (RPZ) Featured

A DNS Firewall can help you control what domain names, IP addresses and subnets, and name servers are allowed to function on your network. You can build such a firewall using DNS Response Policy Zones (RPZ), which is an open and vendor-neutral standard for…

2 Response Policy Zone (RPZ), NSIP rules, and nsip-wait-recurse

Problem: You, or your security team, want to use RPZ NSIP rules to filter results and provide protection for your users. Unfortunately, there are domains that you need to resolve names for that are served by ill-behaved servers that you are unable to resolve…

3 DNSRPZ performance and scaleability when using multiple RPZ zones

BIND 9.10 can be configured to have response policies. That means that it can be configured to give responses that are different depending on the identity of the querying client and the nature of the query. To configure BIND response policy, you put the information…

4 Webinar: DNS Firewalls with BIND: ISC RPZ and the Internet Identity Approach - ISC and Internet Identity

Internet Systems Consortium (ISC) and Internet Identity (IID) are proud to present a joint webinar “DNS Firewalls with BIND: ISC RPZ and the Internet Identity Approach” Despite security being an essential part of the network administrator’s job and…

5 Known Inconsistency in DNSRPZ’s NSDNAME and NSIP Rules

Response Policy Zones define several possible triggers for each rule, and among these, two are known to produce inconsistent results. This is not a bug, but relates to inconsistencies in the Domain Name System (DNS) delegation model. Since a complete understanding…

6 Using DNS RPZ to Deliver DNS Firewall Services

If you are a security company whose products include threat intelligence feeds, you can use DNS RPZ as a delivery channel to customers. Threats can be expressed as known-malicious IP addresses and subnets, known-malicious domain names, and known-malicious…

7 How can I protect important business relationships from accidental DNS RPZ firewalling?

If your business continuity depends on full connectivity with another company whose ISP also serves some criminal or abusive customers, it's possible that one or more of your external RPZ providers -- that is, your security feed vendors -- will eventually…

8 What if I want to use a simpler walled garden triggered by IP address?

It's possible that the only thing you know about an attacker is the IP address block they will use for their "phishing" web servers. If you don't know what domain names they'll use and you don't know what name servers they'll use, but you do know that every…

9 When maintaining a DNS RPZ, how do I put infected users into a walled garden?

These Techniques Can Be Applied to a Variety of Malware Threats Although this article was originally written about a specific piece of malware that is no longer a current threat, the techniques discussed can still be potentially useful in blocking the command…

10 When maintaining a DNS RPZ, how do I disappear a malicious domain name?

The simplest and most common use of a DNS firewall is to poison domain names known to be purely malicious, by simply making them disappear. All DNS RPZ rules are expressed as resource record sets (RRsets), and the way to express "force a name-does-not-exist…

1 2 Next