wiki:RpzUnbound

Wikis under this subject

    Unbound

    It is worth mentioning that the Unbound developers have been working on Response Policy Zone (RPZ) support, and the work has finally been merged. See this PullRequest at GH.

    According to their response on when they would like to release this, it should be within February 2020.

    Setup Response Policy Zone

    The following setup guidance is based on doc/example.conf.in in the above PR on GH

    # Response Policy Zones
    # RPZ policies. Applied in order of configuration. QNAME and Response IP
    # Address trigger are the only supported triggers. Supported actions are:
    # NXDOMAIN, NODATA, PASSTHRU, DROP and Local Data. Policies can be loaded from
    # file, using zone transfer, or using HTTP. The respip module needs to be added
    # to the module-config, e.g.: module-config: "respip validator iterator".
    rpz:
        name: "rpz.mypdns.cloud"
        zonefile: "rpz.mypdns.cloud"
        master: axfr.ipv4.mypdns.cloud@5353 # IPv4
        master: axfr.mypdns.cloud # IPv6
        allow-notify: 192.0.2.0/32
        url: https://gitlab.com/my-privacy-dns/rpz-dns-firewall-tools/bind-9/raw/master/rpz_zones/rpz.mypdns.cloud.rpz
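        # Overrides the action of every policy in this zone with NXDOMAIN.
        rpz-action-override: NXDOMAIN
        # Only used when rpz-action-override is set to cname.
        rpz-cname-override: rpz.mypdns.cloud
        rpz-log: yes
        rpz-log-name: "example policy"
        # Limits the policy to clients with a matching tag; the tag must be
        # defined with define-tag and assigned with access-control-tag.
        tags: "example"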
    

    Now save this in your Unbound conf dir as rpz.mypdns.cloud.conf.

    That should be about it :)
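
    One way to check a zone before pointing the rpz: clause at it, as an added example that is not part of the original wiki page or of Unbound: a small Python linter that classifies each record's trigger and action from the standard RPZ encodings and reports records outside the trigger and action set named in the config comment above. The sample zone, its names and addresses, and the helper names classify and lint are constructed for illustration.

```python
# Added example, not Unbound code. Supported triggers/actions follow the
# config comment on this page; the record encodings are standard RPZ.
SUPPORTED_TRIGGERS = {"qname", "response-ip"}
SUPPORTED_ACTIONS = {"NXDOMAIN", "NODATA", "PASSTHRU", "DROP", "Local Data"}
CNAME_ACTIONS = {".": "NXDOMAIN", "*.": "NODATA", "rpz-passthru.": "PASSTHRU",
                 "rpz-drop.": "DROP", "rpz-tcp-only.": "TCP-Only"}
TRIGGER_LABELS = {"rpz-ip": "response-ip", "rpz-client-ip": "client-ip",
                  "rpz-nsdname": "nsdname", "rpz-nsip": "nsip"}

# Constructed sample zone (names and addresses are placeholders).
SAMPLE_ZONE = """\
$ORIGIN rpz.mypdns.cloud.
@ 3600 IN SOA localhost. hostmaster.localhost. 1 3600 600 86400 60
ads.example.com             CNAME .
*.ads.example.com           CNAME *.
ok.example.com              CNAME rpz-passthru.
drop.example.com            CNAME rpz-drop.
portal.example.com          A 192.0.2.10
32.5.2.0.192.rpz-ip         CNAME .
ns.bad.example.rpz-nsdname  CNAME .
tcp.example.com             CNAME rpz-tcp-only.
"""

def classify(line, origin="rpz.mypdns.cloud."):
    """Return (owner, trigger, action) for a policy record, else None."""
    tokens = line.split(";", 1)[0].split()  # drop zone-file comments
    if len(tokens) < 3 or tokens[0].startswith("$"):
        return None
    owner, rest = tokens[0].lower(), tokens[1:]
    while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
        rest = rest[1:]  # skip optional TTL and class
    if len(rest) < 2 or rest[0].upper() in ("SOA", "NS"):
        return None  # zone apex bookkeeping, not policy
    if owner.endswith("." + origin):
        owner = owner[: -len(origin) - 1]  # make absolute owners relative
    trigger = TRIGGER_LABELS.get(owner.rsplit(".", 1)[-1], "qname")
    # Only CNAME targets encode special actions; anything else is Local Data.
    special = CNAME_ACTIONS if rest[0].upper() == "CNAME" else {}
    return owner, trigger, special.get(rest[1].lower(), "Local Data")

def lint(zone_text, origin="rpz.mypdns.cloud."):
    """Return [(line_no, owner, problem)] for records outside the supported set."""
    problems = []
    for no, line in enumerate(zone_text.splitlines(), 1):
        rec = classify(line, origin)
        if rec and rec[1] not in SUPPORTED_TRIGGERS:
            problems.append((no, rec[0], "unsupported trigger: " + rec[1]))
        elif rec and rec[2] not in SUPPORTED_ACTIONS:
            problems.append((no, rec[0], "unsupported action: " + rec[2]))
    return problems
```

    Calling lint(SAMPLE_ZONE) flags the rpz-nsdname and rpz-tcp-only records in the constructed zone. Adjust the two SUPPORTED_* sets to match the trigger and action list in the example.conf of the Unbound version you run.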

    Last modified on 2020-01-30T17:39:07+01:00