DNS Response Policy Zones - Specification - Format 3

AA-00512


This specification is no longer current

Attached to this article is the original specification from when DNS-RPZ was first released as a functioning code feature. It has evolved through several iterations since then, but we have kept it here as a nod to Internet history. For current information on the DNS-RPZ standard, please refer to:
https://www.ietf.org/archive/id/draft-ietf-dnsop-dns-rpz-00.txt
(The link above may point to an older version of the standard; if and when this standard is adopted as an RFC by the IETF, please follow the links to that new document.)

For current information on the BIND implementation of DNS-RPZ, please refer to the Administrator Reference Manual (ARM) for the version that you are running:
An Overview of BIND 9 Documentation

Abstract

This memo describes a method for expressing DNS response policy inside a specially constructed DNS zone, and for processing the contents of such zones inside recursive name servers. These response policies are intended for use in fighting Internet crime and abuse. Almost all Internet crime relies on DNS, and many new and existing domains at the time of this writing are malicious.

[see attached text or PDF files]

See also: Building DNS Firewalls with Response Policy Zones (RPZ)