Feature #8188
closedSupport response policy zones in bind package
0%
Description
An RPZ "selectively intercepts DNS resolution for known-malicious network assets including domain names, IP addresses, and name servers. Interception can mean rewriting a DNS response to direct a web browser to a “walled garden”, or simply making the malicious network assets invisible and unreachable."
This PR (https://github.com/pfsense/FreeBSD-ports/pull/487) adds a checkbox to indicate if a master or slave zone is used in a response policy. It allows for users to add the appropriate CNAME records to filter based on query, response, or responding nameserver, but it does not give any GUI sugar to make this a "fill in the blanks" exercise.
More info on RPZs:
https://dnsrpz.info/
http://www.zytrax.com/books/dns/ch7/rpz.html
https://www.isc.org/rpz/