DNS Resolvers are critical point for which all devices in your network must interact to communicate to the outside world. It is a logical choice to put security measures to check if a domain is “clean” or “dirty.”

RPZ (Response Policy Zone) has the ability to block resolution of known malicious domains at the DNS Resolver lookup fort he entire network. Similar in concept to blocklist but designed specifically for DNS lookups with far greater coverage.

Service Description:

  • DNS RPZ – provides a filtering mechanism to check the validity of the domain and if it is concluded to be a bad domain the DNS RPZ can enforce policies to protect user from visiting the malicious websites through blocks, warning messages and quarantine measures.
  • Deteque’ RPZ Feeds contain tens (hundreds) of thousands of domains known to be suspect.
  • The Deteque Response Policy Zone data are updated with new threats every sixty seconds.
  • This data is updated very rapidly by transmitting only the changes to the list rather than the full list. This means that the frequent updates generally take less than a second to propagate, effectively mitigating threats in near real time.

Benefits:

  • Providing the same capabilities of an anti-spam blocklist but with greater degrees of scaling and speed.
  • Copes with any protocol, application and access method.
  • Adds an additional layer of security with dynamic threat intelligence at the “choke-point” of the network.
  • Agentless and Auto-updates are customizable.
  • On top of DNS RPZ datafeeds you can add your own data and your own whitelist
  • Uses a secure and fast zone transfer technologies to pull down black list of bad domains and put them into your DNS resolver
  • Domain data is updated every 1-2 minutes automatically.

What RPZ Feeds are Available?

The following RPZ Threat Feeds, are available from PIPELINE

  • Composite zones: Includes malware, phishing and botnet feeds in one zone.
  • Individual zones: Types of abuse feeds split by category:
  • Phishing
  • Malware
  • Botnet
  • Spam / Abuse

How do I deploy RPZ?

RPZ is native in several of the industry’s leading DNS platforms, including:

  • BIND V9 (or greater)
  • Power DNS

Numerous appliance vendors have enabled RPZ as well, including:

  • Infoblox
  • Efficient IP
  • BlueCat

Spamhaus RPZ threat feeds are of the highest quality in the market and all are available for trail.

We can assist with technical setup and implementation questions. Feel free to contact us at [email protected] to learn more about the RPZ service.