Nick Ellson
Technical User
I had a working BIND 9 configuration with views that allowed my internal network to query my work AD domain, which would be trapped and forwarded to their DNS servers.
zone "company.tld" IN {
    type forward;
    forward only;
    forwarders {
        10.5.161.1;
        10.6.161.1;
    };
};
But I wanted to add RPZ to my setup so that I can filter bad actors using DNS. I subscribed to an RPZ feed and zone transfer, and set up the response policy:
response-policy {
    zone "oisd-full.ioc2rpz" policy nxdomain;
};
And wow, that was easy; I tested a bunch of popular bad-actor DNS queries and they got no answer. Nice. However, the company.tld internal AD domain is unfortunately in the RPZ list, so I am no longer getting my forward zone definition to work.
I have not found a way to have BIND 9 use that locally defined zone first, before RPZ, or to have RPZ be aware of a whitelist that allows it to use the local definitions so that the queries are properly forwarded.
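The usual way to get the behaviour the post is after is a second, local RPZ zone that is listed before the feed in `response-policy` and contains `rpz-passthru` rules for the AD domain: BIND consults policy zones in the order they are listed, and a match in an earlier zone takes precedence over a later one, so the passthru for `company.tld` and `*.company.tld` wins over the feed's nxdomain entry and the query falls through to the forward zone. The script below is an added example, not the poster's configuration or a reply from the thread; it writes the whitelist zone file and a minimal `named.conf` (no views, for brevity), prints the policy zone order so you can confirm the whitelist is first, and runs `named-checkconf`/`named-checkzone` when they are installed. The zone name `rpz-whitelist.local`, the file paths and `type master` (the pre-9.16 spelling of `primary`) are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): a local "whitelist" RPZ that is
# consulted before the oisd feed, so company.tld and everything under it are
# passed through to the forward zone. The zone name "rpz-whitelist.local" and
# the file paths are assumptions for illustration.
set -eu

# Write the whitelist zone file and a minimal named.conf into the directory $1.
write_rpz_whitelist() {
    dir=$1
    mkdir -p "$dir"

    # RPZ data: the owner name is the trigger, "CNAME rpz-passthru." the action.
    # The wildcard also covers the _ldap._tcp / _msdcs SRV names AD clients use.
    cat > "$dir/rpz-whitelist.local.db" <<'EOF'
$TTL 300
@       IN SOA  localhost. hostmaster.localhost. (
                1          ; serial - bump on every change, then rndc reload
                3600       ; refresh
                900        ; retry
                604800     ; expire
                300 )      ; minimum
        IN NS   localhost.
company.tld         IN CNAME rpz-passthru.
*.company.tld       IN CNAME rpz-passthru.
EOF

    # Minimal named.conf (assumption: no views). The whitelist zone is listed
    # FIRST in response-policy: BIND evaluates policy zones in the order given,
    # and the earlier zone's rule wins when more than one zone matches a name.
    cat > "$dir/named.conf.rpz" <<EOF
options {
    directory "$dir";
    response-policy {
        zone "rpz-whitelist.local";                 // passthru rules win here
        zone "oisd-full.ioc2rpz" policy nxdomain;   // the feed from the post
    };
};

zone "company.tld" IN {
    type forward;
    forward only;
    forwarders { 10.5.161.1; 10.6.161.1; };
};

zone "rpz-whitelist.local" IN {
    type master;            // "primary" on BIND 9.16+ (assumed spelling)
    file "$dir/rpz-whitelist.local.db";
    allow-query { none; };  // policy data only, never answered directly
};
EOF
}

# Print the policy zones in the order BIND will consult them, one per line.
rpz_zone_order() {
    sed -n '/response-policy {/,/};/p' "$1" \
        | grep -o 'zone "[^"]*"' | sed 's/zone "//; s/"$//'
}

# Run BIND's own checkers when they are installed; skip quietly otherwise.
check_with_bind_tools() {
    dir=$1
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$dir/named.conf.rpz"
    fi
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone rpz-whitelist.local "$dir/rpz-whitelist.local.db"
    fi
}

demo=$(mktemp -d)
write_rpz_whitelist "$demo"
check_with_bind_tools "$demo"
echo "policy zone order (first wins):"
rpz_zone_order "$demo/named.conf.rpz"
```

After reloading, `dig @127.0.0.1 dc01.company.tld` should come back from the forwarders rather than NXDOMAIN; if it still fails, check that the whitelist zone really is the first entry in `response-policy` and that the passthru records have the trailing dot on `rpz-passthru.` (without it the CNAME target becomes `rpz-passthru.rpz-whitelist.local` and is not a passthru action).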