Permalink
44a6cee Jul 6, 2016
@ahupowerdns @pieterlexis
64 lines (48 sloc) 1.63 KB
$TTL 2h;
$ORIGIN domain.example.com.
@ SOA powerdns.example.net. hostmaster.example.com ( 1 12h 15m 3w 2h)
NS powerdns.example.net.
; begin RPZ RR definitions
;; QNAME Trigger
; QNAME Trigger NXDOMAIN Action
; kills whole domain
nxdomain.org CNAME .
*.nxdomain.org CNAME .
; QNAME Trigger PASSTHRU Action
; typically only used for bypass
mail.nxdomain.org CNAME rpz-passthru.
; QNAME Trigger DROP Action
; kills whole domain
example.net CNAME rpz-drop.
*.example.net CNAME rpz-drop.
; QNAME Trigger Truncate Action
; kills whole domain
truncate.org CNAME rpz-tcp-only.
*.truncate.org CNAME rpz-tcp-only.
; QNAME Trigger Local-Data Action
; sends to a local website
; kills whole domain
local.org CNAME explanation.example.com.
*.local.org CNAME explanation.example.com.
local-a.org A 192.168.2.5
*.local-a.org A 192.168.2.5
; CLIENT-IP Trigger DROP Action
; kills all DNS activity from this client
24.0.0.0.127.rpz-client-ip CNAME rpz-drop.
; CLIENT-IP Trigger TCP-ONLY Action
; slows-up all DNS activity from this client
32.1.0.0.10.rpz-client-ip CNAME rpz-tcp-only.
; IP Trigger NXDOMAIN Action
; any answer containing IP range
32.2.0.0.10.rpz-ip CNAME .
;; NSDNAME Trigger
;; if ns1.example.org appears in the authority section
;; of any answer
; NSDNAME Trigger NXDOMAIN Action
; kills specific name server
dns-eu1.powerdns.net.rpz-nsdname CNAME .
; this will kill any name servers from example.org
*.powerdns.net.rpz-nsdname CNAME .
; NSDNAME Trigger TCP-ONLY Action
; kills specific name server
*.gtld-servers.net.rpz-nsdname CNAME rpz-tcp-only.