1 Building DNS Firewalls with Response Policy Zones (RPZ)

A DNS Firewall can help you control what domain names, IP addresses, and name servers are allowed to function on your network. You can build such a firewall using DNS Response Policy Zones (RPZ), which is an open and vendor-neutral standard for the interchange…

2 Known Inconsistency in DNSRPZ’s NSD and NSIP Rules

Response Policy Zones define several possible triggers for each rule, and among these, two are known to produce inconsistent results. This is not a bug, but relates to inconsistencies in the Domain Name System (DNS) delegation model. Since a complete understanding…

3 Using DNS RPZ to Deliver DNS Firewall Services

If you are a security company whose products include threat intelligence feeds, you can use DNS RPZ as a delivery channel to customers. Threats can be expressed as known-malicious IP addresses, known-malicious domain names, and known-malicious domain name…

4 How can I protect important business relationships from accidental DNS RPZ firewalling?

If your business continuity depends on full connectivity with another company whose ISP also serves some criminal or abusive customers, it's possible that one or more of your external RPZ providers -- that is, your security feed vendors -- will eventually…

5 What if I want to use a simpler walled garden triggered by IP address?

It's possible that the only thing you know about an attacker is the IP address block they will use for their "phishing" web servers. If you don't know what domain names they'll use and you don't know what name servers they'll use, but you do know that every…

6 When maintaining a DNS RPZ, how do I put infected users into a walled garden?

If you know that the well known computer virus Conficker uses a domain generation algorithm (DGA) to choose up to fifty thousand (50,000) command and control domains per day, you might hesitate to try to create an RPZ that contains so many domain names and…

7 When maintaining a DNS RPZ, how do I disappear a malicious domain name?

The simplest and most common use of a DNS firewall is to poison domain names known to be purely malicious, by simply making them disappear. All DNS RPZ rules are expressed as resource record sets (RRsets), and the way to express "force a name-does-not-exist…

8 How can I synchronize DNS RPZ firewall policies across multiple DNS servers?

In DNS RPZ, the DNS firewall policy rule set is stored in a DNS zone which is maintained and synchronized using the same tools and methods as for any other DNS zone. See How do I create and maintain my DNS firewall policy rule set using DNS RPZ? for the procedures…

9 How do I create and maintain my DNS firewall policy rule set using DNS RPZ?

In a DNS RPZ firewall, the policy rule set is contained in a DNS "zone", which can be transferred using normal "zone transfer" mechanisms. The master copy of your DNS firewall policy can be a DNS "zone file" which you either edit by hand, or which you generate…

10 What are the features of the DNS RPZ firewall?

DNS RPZ is a form of DNS firewall in which the firewall rule sets are expressed within DNS itself in the form of a specially constructed DNS zone. DNS RPZ is an open vendor-neutral format for DNS firewall policy which allows a DNS server operator to maintain…
