Feature #8188

Support response policy zones in bind package

Added by Michael Newton over 2 years ago.

Status: New
Priority: Normal
Assignee: -
Category: BIND
Target version: -
Start date: 12/11/2017
Due date:
% Done: 0%
Estimated time:

Description

An RPZ "selectively intercepts DNS resolution for known-malicious network assets including domain names, IP addresses, and name servers. Interception can mean rewriting a DNS response to direct a web browser to a “walled garden”, or simply making the malicious network assets invisible and unreachable."

This PR (https://github.com/pfsense/FreeBSD-ports/pull/487) adds a checkbox to indicate if a master or slave zone is used in a response policy. It allows for users to add the appropriate CNAME records to filter based on query, response, or responding nameserver, but it does not give any GUI sugar to make this a "fill in the blanks" exercise.

More info on RPZs:
https://dnsrpz.info/
http://www.zytrax.com/books/dns/ch7/rpz.html
https://www.isc.org/rpz/
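
The following policy zone is an added illustration, not part of the original request or the linked PR, of the CNAME records the description refers to for the three trigger types (query name, response address, responding nameserver). The zone name `rpz.example.internal`, the walled-garden host, and every filtered name and address are constructed placeholders; it assumes the zone is referenced from a `response-policy { zone "rpz.example.internal"; };` statement in the BIND options.

```dns
; Constructed sample RPZ zone file. All names and addresses are placeholders.
$TTL 300
@   IN SOA localhost. hostmaster.localhost. (
        2017121101 ; serial
        3600       ; refresh
        600        ; retry
        86400      ; expire
        300 )      ; negative-cache TTL
    IN NS  localhost.

; --- Trigger: query name (QNAME) ---
; "CNAME ." answers NXDOMAIN, making the name invisible to clients.
malware.example.com             CNAME   .
*.malware.example.com           CNAME   .

; "CNAME *." answers NODATA (name exists, no records of the requested type).
tracker.example.net             CNAME   *.

; A CNAME to an ordinary name rewrites the answer to a walled garden.
phish.example.org               CNAME   walled-garden.example.internal.

; "rpz-passthru." exempts a name that a broader rule would otherwise catch.
safe.malware.example.com        CNAME   rpz-passthru.

; --- Trigger: address in the response (RPZ-IP) ---
; Owner name is <prefix-length>.<reversed octets>.rpz-ip
; This matches any answer containing an address in 192.0.2.0/24.
24.0.2.0.192.rpz-ip             CNAME   .

; --- Trigger: responding nameserver name (RPZ-NSDNAME) ---
; Matches any answer served by a zone delegated to this nameserver.
ns1.badhost.example.rpz-nsdname CNAME   .
```

The file can be syntax-checked with `named-checkzone rpz.example.internal <file>` before the zone is loaded.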
