Implementation and use of DNS RPZ in malware and phishing defence

Published: 03 Apr, 2014
Created by: Alex Lomas

There has been growing interest in the use of DNS RPZ (domain name system response policy zones) as a mechanism to defend against malware on the web. This paper will examine the history of DNS RPZ, its applications (including malware and phishing) and experience of its deployment instead of other layer 7-based filtering systems. It will provide a step-by-step process for configuring DNS RPZ in BIND, as well as ancillary services for logging and manual manipulation of the RPZ, and will examine the need for user education and response to 'false positives'.