DNS RPZ


This page is dedicated to DNS RPZ technology. Like this page to keep up to date with DNS RPZ technology.

DNS Related Threat Intelligence | Deteque, A Division of Spamhaus 02/02/2018

Congrats to our friends at - a division of Spamhaus, on recently launching their newly designed site: https://www.deteque.com/
Developing real-time threat intelligence to protect and secure networks.
- very cool live map! 🤓

DNS Related Threat Intelligence | Deteque, A Division of Spamhaus Deteque is integrated with a global network of service providers & a community of security researchers who are dedicated to collecting, collating and delivering DNS-related threat intelligence.

01/25/2018

ISC released BIND 9.12 that includes the following changes to RPZ implementation:

- The DNS Response Policy Service (DNSRPS) API, a mechanism to allow named to use an external response policy provider, is now supported. (One example of such a provider is "FastRPZ" from Farsight Security, Inc.) This allows the same types of policy filtering as standard RPZ, but can reduce the workload for named, particularly when using large and frequently-updated policy zones. It also enables named to share response policy providers with other DNS implementations such as Unbound.

This feature is available if BIND is built with configure --enable-dnsrps, if a DNSRPS provider is installed, and if dnsrps-enable is set to "yes" in named.conf. Standard built-in RPZ is used otherwise.

Thanks to Farsight Security, Inc. for the contribution.

- The Response Policy Zone (RPZ) implementation has been substantially refactored: updates to the RPZ summary database are no longer directly performed by the zone database but by a separate function that is called when a policy zone is updated. This improves both performance and reliability when policy zones receive frequent updates. Summary database updates can be rate-limited by using the min-update-interval option in a response-policy statement. [RT #43449]

You can read the full change log here:

https://ftp.isc.org/isc/bind9/9.12.0/RELEASE-NOTES-bind-9.12.0.html

And download the newest version directly from ISC here:

https://www.isc.org/downloads/

ftp.isc.org BIND 9.12.0 is a new feature release of BIND. This document summarizes new features and functional changes that have been introduced on this branch, as well as features that have been deprecated or removed.

11/03/2017

https://www.sans.org/reading-room/whitepapers/dns/implementation-dns-rpz-malware-phishing-defence-34535

^^Good technical overview of RPZ, and below is a recent webinar we did for SANS.

Visit the SANS site (you will need to register for an account, but they have many good webinars / training), and search for:

Response Policy Zones (RPZ): Using DNS to Choke Malware, Botnets, and Ransomware

Make sure you are using the most stable version of BIND, which is 9.11.12. Here is a link to download: https://www.isc.org/downloads/

www.sans.org

Protect your network with DNS Firewall 08/21/2017

Most modern electronic crime and network abuse relies on the Domain Name System. Protection against these threats must include the Domain Name System…!

A DNS firewall selectively intercepts DNS resolution for known-malicious network assets including domain names, IP addresses, and name servers. Interception can mean rewriting a DNS response to direct a web browser to a “walled garden”, or simply making the malicious network assets invisible and unreachable.

A DNS firewall can block:
- Phishing - When a user clicks on a link in an email, for example from a fake banking site, you can intercept the lookup of that site.
- Malware - When a user attempts to navigate to an IP address known to host malware, you can redirect them to a site of your own with instructions on scanning their computer.
- Ransomware - Ransomware is a type of malware in which someone takes over assets on your network and blocks access to them until you pay a ransom. This is a rapidly growing threat.
- Botnet Command and Control sites - When devices inside your network attempt to contact suspected botnet command central, drop the queries, and log them for analysis and followup.
- Identify Infected Machines - By analyzing the query logs, you can track down the machines in your network that are attempting to contact these abuse sites, and clean up any infections or botnet code.

SWITCH Information Technology Services (Switzerland)

https://securityblog.switch.ch/2015/05/07/protect-your-network-with-dns-firewall/

Protect your network with DNS Firewall If you run your own mail server, you will quickly find out that 90% of the e-mails you receive are spam. The solution to this problem is e-mail filtering, which rejects or deletes unwanted spam. Th...

08/09/2017

Older but interesting article about RPZ from Spamhaus...

Spamhaus' DBL as a Response Policy Zone (RPZ) While security professionals can and do block access to domains that are known to cause harm, this has so far only been possible once the harm has been identified. And that's too late - the harm is already done. The criminals who use these techniques are now registering domains by the thousand in or...

08/08/2017

"Most new domain names are malicious"

Taking Back the DNS Most new domain names are malicious. I am stunned by the simplicity and truth of that observation. Every day lots of new names are added to the global DNS, and most of them belong to scammers, spammers, e-criminals, and speculators. The DNS industry has a lot of highly capable and competitive regist...

08/08/2017

https://dnsrpz.info/

DNS Response Policy Zones Domain Name Service Response Policy Zones (DNS RPZ) is a method that allows a nameserver administrator to overlay custom information on top of the global DNS to provide alternate responses to queries. It is currently implemented in the ISC BIND nameserver (9.8 or later). Another generic name for the...

Location

Address


Joliet, IL
60435