Merge pull request #8223 from PowerDNS/omoerbeek-patch-1
[thirdparty/pdns.git] / pdns / basic.rpz
1 $TTL 2h;
2 $ORIGIN domain.example.com.
3 @ SOA powerdns.example.net. hostmaster.example.com ( 1 12h 15m 3w 2h)
4 NS powerdns.example.net.
5 ; begin RPZ RR definitions
6
7 ;; QNAME Trigger
8
9 ; QNAME Trigger NXDOMAIN Action
10 ; kills whole domain
11 nxdomain.org CNAME .
12 *.nxdomain.org CNAME .
13
14 ; QNAME Trigger PASSTHRU Action
15 ; typically only used for bypass: exempts this name from the *.nxdomain.org rule above
16 mail.nxdomain.org CNAME rpz-passthru.
17
18 ; QNAME Trigger DROP Action
19 ; kills whole domain
20 example.net CNAME rpz-drop.
21 *.example.net CNAME rpz-drop.
22
23 ; QNAME Trigger Truncate Action
24 ; forces TCP for the whole domain (UDP queries get a truncated reply; names are not blocked)
25 truncate.org CNAME rpz-tcp-only.
26 *.truncate.org CNAME rpz-tcp-only.
27
28 ; QNAME Trigger Local-Data Action
29 ; sends to a local website
30 ; rewrites answers for the whole domain
31 local.org CNAME explanation.example.com.
32 *.local.org CNAME explanation.example.com.
33
34 local-a.org A 192.168.2.5
35 *.local-a.org A 192.168.2.5
36
37 ; CLIENT-IP Trigger DROP Action
38 ; kills all DNS activity from clients in 127.0.0.0/24 (prefix length first, then reversed octets); this range includes loopback clients
39 24.0.0.0.127.rpz-client-ip CNAME rpz-drop.
40
41 ; CLIENT-IP Trigger TCP-ONLY Action
42 ; slows down all DNS activity from this client (10.0.0.1/32) by forcing it onto TCP
43 32.1.0.0.10.rpz-client-ip CNAME rpz-tcp-only.
44
45 ; IP Trigger NXDOMAIN Action
46 ; any answer containing an address in the listed range (here the single host 10.0.0.2/32)
47 32.2.0.0.10.rpz-ip CNAME .
48
49 ;; NSDNAME Trigger
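50 ;; fires if the listed name server (e.g. ns1.example.org) appears in the authority section
51 ;; of any answer; the records below use powerdns.net and gtld-servers.net names instead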
52
53 ; NSDNAME Trigger NXDOMAIN Action
54 ; kills specific name server
55 dns-eu1.powerdns.net.rpz-nsdname CNAME .
56
57 ; this will kill any name servers from example.org [sic: the record below matches *.powerdns.net, not example.org]
58 *.powerdns.net.rpz-nsdname CNAME .
59
60 ; NSDNAME Trigger TCP-ONLY Action
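61 ; forces TCP (does not kill) for every name server under gtld-servers.net; this wildcard is broad, as it covers the com/net TLD servers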
62 *.gtld-servers.net.rpz-nsdname CNAME rpz-tcp-only.
63