$TTL 2h;
$ORIGIN domain.example.com.
@ SOA powerdns.example.net. hostmaster.example.com ( 1 12h 15m 3w 2h)
NS powerdns.example.net.
; begin RPZ RR definitions
;; QNAME Trigger
; QNAME Trigger NXDOMAIN Action
; returns NXDOMAIN for the domain and, via the wildcard record, every name below it
nxdomain.org CNAME .
*.nxdomain.org CNAME .
; QNAME Trigger PASSTHRU Action
; typically used only to exempt a single name from a broader policy (here, the nxdomain.org rules above)
mail.nxdomain.org CNAME rpz-passthru.
; QNAME Trigger DROP Action
; silently drops queries for the domain and, via the wildcard record, every name below it
example.net CNAME rpz-drop.
*.example.net CNAME rpz-drop.
; QNAME Trigger Truncate (TCP-ONLY) Action
; answers with TC set so the client must retry over TCP; covers the domain and every name below it
truncate.org CNAME rpz-tcp-only.
*.truncate.org CNAME rpz-tcp-only.
; QNAME Trigger Local-Data Action
; answers with the local data given in the record (here, a redirect to a local website)
; covers the domain and, via the wildcard record, every name below it
local.org CNAME explanation.example.com.
*.local.org CNAME explanation.example.com.
local-a.org A 192.168.2.5
*.local-a.org A 192.168.2.5
; CLIENT-IP Trigger DROP Action
; drops every query from the matching client range (owner name encodes prefix length first, then the octets reversed)
24.0.0.0.127.rpz-client-ip CNAME rpz-drop.
; CLIENT-IP Trigger TCP-ONLY Action
; forces every query from the matching client range onto TCP, which slows that client down
32.1.0.0.10.rpz-client-ip CNAME rpz-tcp-only.
; IP Trigger NXDOMAIN Action
; returns NXDOMAIN for any answer whose address data falls in the listed IP range
32.2.0.0.10.rpz-ip CNAME .
;; NSDNAME Trigger
;; matches when the named name server (e.g. ns1.example.org) appears
;; in the authority section of any answer
; NSDNAME Trigger NXDOMAIN Action
; returns NXDOMAIN for answers whose authority section names this specific name server
dns-eu1.powerdns.net.rpz-nsdname CNAME .
; the wildcard below applies the same action to any name server under powerdns.net
*.powerdns.net.rpz-nsdname CNAME .
; NSDNAME Trigger TCP-ONLY Action
; forces TCP for answers whose authority section names any gtld-servers.net name server
*.gtld-servers.net.rpz-nsdname CNAME rpz-tcp-only.