
RPZ

Response Policy Zone: a DNS firewall mechanism where a recursive resolver overrides answers based on a policy zone, used for malware blocking, parental controls, and ad filtering.

RPZ (Response Policy Zone) is the open standard, originally designed by Paul Vixie and ISC, for plugging policy data into a recursive resolver. A policy zone is just an ordinary DNS zone whose records say "if a query matches this name (or the answer matches this IP), do X" where X is NXDOMAIN, NODATA, a redirect to a walled garden, or passthrough. BIND, Unbound, PowerDNS Recursor, and Knot Resolver all support it. Threat intelligence providers like Spamhaus, SURBL, and Farsight publish RPZ feeds that operators subscribe to via AXFR/IXFR for low-latency updates of millions of bad domains.
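A sketch of how a resolver reads such a zone, as an added example that is not code from this page or from any resolver. The policy records and domain names are constructed; the evaluator is simplified to name triggers (exact, then wildcard) followed by IPv4 answer-IP triggers.

```python
import ipaddress

# Constructed policy records: (owner name relative to the policy zone, CNAME target).
POLICY = [
    ("malware.example", "."),                   # NXDOMAIN
    ("*.malware.example", "."),                 # NXDOMAIN for every subdomain
    ("ok.malware.example", "rpz-passthru."),    # passthrough (exception to the wildcard)
    ("ads.example", "*."),                      # NODATA
    ("phish.example", "garden.example.net."),   # redirect to a walled garden
    ("24.0.2.0.192.rpz-ip", "."),               # answer inside 192.0.2.0/24 -> NXDOMAIN
]
ACTIONS = {".": "NXDOMAIN", "*.": "NODATA", "rpz-passthru.": "PASSTHRU"}

def action_of(target):
    """Map a CNAME target to its policy action; any other target is a redirect."""
    return ACTIONS.get(target, "REDIRECT " + target)

def ip_trigger(owner):
    """Decode 'prefixlen.d.c.b.a.rpz-ip' into the IPv4 network a.b.c.d/prefixlen."""
    plen, *reversed_octets = owner[: -len(".rpz-ip")].split(".")
    return ipaddress.ip_network(".".join(reversed(reversed_octets)) + "/" + plen)

def evaluate(qname, answer_ips=()):
    """Return the policy action for a query, or None when no rule applies."""
    qname = qname.rstrip(".").lower()
    by_name = {o: t for o, t in POLICY if not o.endswith(".rpz-ip")}
    if qname in by_name:                          # exact name beats a wildcard
        return action_of(by_name[qname])
    labels = qname.split(".")
    for i in range(1, len(labels)):               # longest wildcard first
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in by_name:
            return action_of(by_name[wildcard])
    for owner, target in POLICY:                  # then triggers on the answer's IPs
        if owner.endswith(".rpz-ip"):
            net = ip_trigger(owner)
            if any(ipaddress.ip_address(ip) in net for ip in answer_ips):
                return action_of(target)
    return None

if __name__ == "__main__":
    for q, ips in [("cdn.malware.example", []), ("ok.malware.example", []),
                   ("benign.example", ["192.0.2.55"]), ("benign.example", ["198.51.100.7"])]:
        print(q, ips, "->", evaluate(q, ips))
```

The passthrough record shows why exact names are checked before wildcards: it is how an operator exempts one name from a broader block.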
