Hello all,
I have a requirement from our national Cyber security to block several thousand forged domains from our recursive servers. Is there any way we
can add a clause in named.conf to scan such a bogus domain list without
impacting the performance of the servers?
Thanks in advance for the usual contribution.
Thanks,
Mohammed Ejaz
Asst. Operation Director of Systems.
Cyberia SAUDI ARABIA
P.O.Box: 301079, Riyadh 11372
Phone: (+966) 11 464 7114 Ext. 140
Mobile: (+966) 562311787
Fax: (+966) 11 465 4735
Website: http://www.cyberia.net.sa
Hello all,
Thanks for everyone’s contribution. I use RPZ and listed 5000 forged domains to block them in a particular zone without having additional
zones. I hope that’s the feature of RPZ. Seems good.
Below is a snippet for your review for the zone and file db.rpz.local,
which was copied from the default named.empty.
zone "rpz.local" {
    type master;
    file "db.rpz.local";
    allow-query { localhost; };
};
Once this configuration is done, I am expecting that whoever queries our
name server for a zone which is listed in my DNS server should not be allowed to fetch any records recursively from outside servers; it should be served from the internal servers only?
When I test my configuration with one of the hosted domains in my list,
i.e. doubleclick.net, I got all the results rather than an
error. Please correct me if I am wrong.
Here are the logs.
[root@ns20 ~]# tailf /var/log/named/rpz.log
14-Jul-2020 06:49:53.582 rpz: info: client 212.71.32.20#38120: rpz QNAME NXDOMAIN rewrite test.doubleclick.net via test.doubleclick.net.rpz.local
14-Jul-2020 06:49:55.370 rpz: info: client 213.210.231.227#26654: rpz QNAME NXDOMAIN rewrite securepubads.g.doubleclick.net via securepubads.g.doubleclick.net.rpz.local
14-Jul-2020 06:50:04.445 rpz: info: client 212.71.32.20#48178: rpz QNAME NXDOMAIN rewrite mail.doubleclick.net via mail.doubleclick.net.rpz.local
14-Jul-2020 06:50:09.079 rpz: info: client 213.210.231.227#16492: rpz QNAME NXDOMAIN rewrite stats.g.doubleclick.net via stats.g.doubleclick.net.rpz.local
14-Jul-2020 06:52:07.353 rpz: info: client 213.210.253.163#58635: rpz QNAME NXDOMAIN rewrite stats.l.doubleclick.net via stats.l.doubleclick.net.rpz.local
14-Jul-2020 06:52:25.272 rpz: info: client 213.210.253.163#57975: rpz QNAME NXDOMAIN rewrite pagead.l.doubleclick.net via pagead.l.doubleclick.net.rpz.local
14-Jul-2020 06:55:03.973 rpz: info: client 213.181.164.207#31366: rpz QNAME NXDOMAIN rewrite googleads.g.doubleclick.net via googleads.g.doubleclick.net.rpz.local
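
Added example, not part of the thread and not the poster's own tooling: one way to turn a feed of several thousand domains into the contents of a single RPZ zone file such as db.rpz.local, where "CNAME ." is the RPZ action that answers NXDOMAIN. The sample domains, the SOA/NS values, the TTL and the serial are assumptions made for illustration.

```python
import re

# One DNS label: 1-63 chars of a-z, 0-9, "_" or "-", not starting/ending with "-".
_LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")

# Constructed sample input (not from the thread): mixed case, trailing dot,
# a comment, a malformed entry and a name already covered by its parent.
SAMPLE = [
    "login-bank.example",
    "Secure.Pay.Example.",
    "cdn.login-bank.example",
    "# feed comment",
    "bad name.example",
]

def normalize(entry):
    """Return the entry as a lower-case name without trailing dot, or None."""
    name = entry.split("#", 1)[0].strip().lower().rstrip(".")
    labels = name.split(".")
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        return None
    return name

def build_rpz_zone(entries, origin="rpz.local", serial=2020071401):
    """Render zone text in which every listed domain and its subdomains
    get the RPZ NXDOMAIN action ("CNAME .")."""
    names = {n for n in map(normalize, entries) if n}
    lines = [
        "$TTL 300",
        f"$ORIGIN {origin}.",
        # Placeholder SOA/NS values; an RPZ zone only needs them to load.
        f"@ IN SOA localhost. root.localhost. {serial} 3600 600 86400 300",
        "@ IN NS localhost.",
    ]
    for name in sorted(names):
        parts = name.split(".")
        # Skip names a parent's wildcard already covers, to keep the zone small.
        if any(".".join(parts[i:]) in names for i in range(1, len(parts))):
            continue
        # "*." + name + "." + origin must fit in a 253-character name.
        if len(name) + len(origin) + 3 > 253:
            continue
        # Owner names are relative to $ORIGIN, so no trailing dot here.
        lines.append(f"{name} CNAME .")
        lines.append(f"*.{name} CNAME .")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(build_rpz_zone(SAMPLE), end="")
```

The generated file can be checked with `named-checkzone rpz.local db.rpz.local` before reloading; the policy only takes effect if the zone is also named in a `response-policy` statement in the options block.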