
DNS Response Policy Zones - Specification - Format 3

  • Updated on 07 Sep 2018

This specification is no longer current

Attached to this article is the original specification when DNS-RPZ was first released as a functioning code feature. It has evolved through several iterations since then, but we have kept it here as a nod to Internet history. For information on the DNS-RPZ standard now, please refer to: https://www.ietf.org/archive/id/draft-ietf-dnsop-dns-rpz-00.txt
(The link above may point to older versions of the standard; if/when this standard is adopted as an RFC by the IETF, then please follow links to that new document.)

For current information on the BIND implementation of DNS-RPZ, please refer to the Administrator Reference Manual (ARM) for the version that you are running: An Overview of BIND 9 Documentation


This memo describes a method for expressing DNS response policy inside a specially constructed DNS zone, and for processing the contents of such zones inside recursive name servers. These response policies are intended for use in fighting Internet crime and abuse. Almost all Internet crime relies on DNS, and many new and existing domains at the time of this writing are malicious.



See also: Building DNS Firewalls with Response Policy Zones (RPZ)
