Bind 9

To integrate the RPZ zones from the rpz-block-list into your BIND server, you have several options, such as the default RPZ synchronization or, better, using rsync to copy the master zone files.

named.conf default-zones file
//
// Do any local configuration here
//
// for any issue please visit https://github.com/spirillen/dns-rpz-integration/issues
// Copyright NON-commercial usage and https://github.com/spirillen/dns-rpz-integration/blob/master/LICENSE
// Consider adding the 1918 zones here, if they are not used in your
// organization
// include "/etc/bind/zones.rfc1918";

#
# Your Private white and blacklist
#
zone "my-private-whitelist" {
        type master;
        file "/var/lib/bind/my-private-whitelist.hosts";
        // Private list: it is never handed out by zone transfer.
        // "none" matches no address, which is the same result as an empty list.
        allow-transfer { none; };
        // Direct queries for the zone are accepted from this server's own addresses only.
        allow-query { localhost; };
};

zone "my-private-blacklist" {
        type master;
        file "/var/lib/bind/my-private-blacklist.hosts";
        // Private list: it is never handed out by zone transfer.
        // "none" matches no address, which is the same result as an empty list.
        allow-transfer { none; };
        // Direct queries for the zone are accepted from this server's own addresses only.
        allow-query { localhost; };
};

#------------------------------------------------------------------------------
# RPZ Whitelist
#------------------------------------------------------------------------------

zone "whitelist.mypdns.cloud" {
        type master;
        file "/var/lib/bind/whitelist.mypdns.cloud.hosts";
        // NOTIFY is also sent to this address whenever the zone changes.
        also-notify { 192.168.1.30; };
        // "trusted" is an ACL name; its definition is not part of this file and
        // must exist elsewhere in named.conf before this zone is loaded.
        // NOTE(review): transfers are authorised by source address only. A TSIG
        // key per secondary would authenticate the peer as well as its address.
        allow-transfer { trusted; 127/8; localhost; };
        // Direct queries are limited to the same trusted hosts and this server.
        allow-query { trusted; localhost; };
};


#------------------------------------------------------------------------------
# Local RPZ Files
#------------------------------------------------------------------------------

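zone "rpz.mypdns.cloud" {
        type master;
        file "/var/lib/bind/rpz.mypdns.cloud.hosts";
        // "trusted" is an ACL name; its definition is not part of this file and
        // must exist elsewhere in named.conf before this zone is loaded.
        // NOTE(review): transfers are authorised by source address only. A TSIG
        // key per secondary would authenticate the peer as well as its address.
        allow-transfer { trusted; localhost; 127/8; };
        // Same query restriction as the whitelist zone. Without it the zone
        // inherits the server-wide allow-query, and any client allowed to use
        // the resolver could read the policy records directly. Policy rewriting
        // reads the zone data internally and does not depend on this ACL.
        // Secondaries must be covered by "trusted", because they query the SOA
        // record before each transfer.
        allow-query { trusted; localhost; };
        // NOTIFY is also sent to this address whenever the zone changes.
        also-notify { 192.168.1.30; };
};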

#------------------------------------------------------------------------------
# YouTube RPZ Files, for blocking ads on youtube
#------------------------------------------------------------------------------

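zone "youtube.mypdns.cloud" {
        type master;
        file "/var/lib/bind/youtube.mypdns.cloud.hosts";
        // "trusted" is an ACL name; its definition is not part of this file and
        // must exist elsewhere in named.conf before this zone is loaded.
        // NOTE(review): transfers are authorised by source address only. A TSIG
        // key per secondary would authenticate the peer as well as its address.
        allow-transfer { trusted; localhost; 127/8; };
        // Same query restriction as the whitelist zone. Without it the zone
        // inherits the server-wide allow-query, and any client allowed to use
        // the resolver could read the policy records directly. Policy rewriting
        // reads the zone data internally and does not depend on this ACL.
        // Secondaries must be covered by "trusted", because they query the SOA
        // record before each transfer.
        allow-query { trusted; localhost; };
        // NOTIFY is also sent to this address whenever the zone changes.
        also-notify { 192.168.1.30; };
};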

#------------------------------------------------------------------------------
# Spamhaus RPZ Files, license required, but free for open source projects
#------------------------------------------------------------------------------

zone "drop.rpz.spamhaus.org" {
        type slave;
        // Local copy of the zone, written after each transfer from the upstream server.
        file "/var/lib/bind/drop.rpz.spamhaus.org.dbx";
        // NOTE(review): the transfer is accepted on the strength of this one
        // source address. Whoever can answer from that address decides which
        // names this resolver blocks or rewrites. Confirm it is the server your
        // licence covers, and if the provider issues a TSIG key, bind it to the
        // address, e.g. masters { 188.176.49.219 key <your-tsig-key-name>; };
        // (placeholder key name).
        // NOTE(review): no allow-transfer or allow-query is set here, so the
        // server-wide settings apply. Check that they do not let this licensed
        // feed be transferred onwards or read by arbitrary clients.
        masters { 188.176.49.219; };
};