-----Original Message-----
From: Emiliano Vazquez <emilianovazq...@gmail.com>
Organization: PcCentro Informatica & CCTV
Date: Thursday, July 26, 2012 7:28 PM
Cc: "bind-users@lists.isc.org" <bind-users@lists.isc.org>
Subject: Re: Block some users with Bind9

>I was reading about rpz zones but I understand what I need to do.
>I follow instructions but I did not get the result explained in the link
>
>For example:
>
>I create rpz.db
>##########################################################
>$TTL 60
> @ IN SOA localhost. root.localhost. (
>        2 ; serial
>        3H ; refresh
>        1H ; retry
>        1W ; expiry
>        1H) ; minimum
>   IN NS localhost.
>
> www.yahoo.com CNAME .
> weather.yahoo.com CNAME *.
> stocks.yahoo.com CNAME www.google.com.
> ad.yahoo.com A 127.0.0.1
>##########################################################
>
>Then, I create in named.conf the rpz zone:
>##########################################################
> zone "rpz" {
>     type master;
>     file "rpz.db";
>     allow-query { none; };
>     allow-transfer { ... ; };
> };
>##########################################################
>
>The next step is to add in named.conf.options the response-policy
>##########################################################
>response-policy { zone "rpz"; };
>##########################################################
>
>Restart bind9 with success! (after several errors).
>
>Then I try in one client to get this working and nothing happens.
>I did not find any way to see the resolution in the server to see what
>is wrong (like asterisk, squid, shorewall).
>I'm reading about bind but it is a lot of information and all is too
>much technical to me. I lost any time I read about this!

To start you might want to run tcpdump on the BIND server and make sure
you see packets from your test client coming in as expected. Something like

    tcpdump -i <whatever> -vvv -X host <client_ip> and dst port 53

should do. For the sake of testing you could also enable query-logging.
Logging and other options are best described in the ARM, though you can also see a good overview of logging configuration here as well: http://www.cymru.com/Documents/secure-bind-template.html
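
Added example, not part of the original thread or of BIND itself: a small Python script that reads the four policy records from the quoted rpz.db and reports the answer a test client should receive for each name, which gives the tcpdump or query-log check something concrete to compare against. The function names, the `rpz.` origin default and the `blocked.example.` line are assumptions made for the illustration.

```python
# Added example: map each RPZ record to the answer a client should see.
# RECORDS holds the four policy records from the quoted rpz.db (SOA/NS omitted)
# plus one constructed line showing an owner name with a trailing dot.
RECORDS = """\
www.yahoo.com      CNAME  .
weather.yahoo.com  CNAME  *.
stocks.yahoo.com   CNAME  www.google.com.
ad.yahoo.com       A      127.0.0.1
blocked.example.   CNAME  .   ; constructed mistake, not from the thread
"""


def action(rtype, rdata):
    """Translate one record's type and data into the expected client answer."""
    if rtype == "CNAME" and rdata == ".":
        return "NXDOMAIN"
    if rtype == "CNAME" and rdata == "*.":
        return "NODATA"
    return f"{rtype} {rdata}"  # local data: the real answer is replaced by this


def expected_answers(text, origin="rpz."):
    """Return {query name: expected answer} for the QNAME triggers in text."""
    result = {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop zone-file comments
        if not fields:
            continue
        owner, rest = fields[0].lower(), fields[1:]
        # Skip an optional TTL and class so that (type, rdata) remain.
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest.pop(0)
        if len(rest) < 2:
            continue
        rtype, rdata = rest[0].upper(), rest[1]
        if owner.endswith("."):
            # Absolute owner: it only acts as a trigger if it lies under the zone.
            if not owner.endswith("." + origin):
                result[owner] = "OUT-OF-ZONE (not loaded as policy)"
                continue
            owner = owner[: -len(origin) - 1]
        result[owner] = action(rtype, rdata)
    return result


if __name__ == "__main__":
    for name, answer in expected_answers(RECORDS).items():
        print(f"{name:20} -> {answer}")
```

The trigger names in the quoted zone are relative (no trailing dot), so they are read as names under the `rpz` zone, which is what a policy zone requires; the constructed fifth line shows the form that would not be.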