Is Firewalla using an RPZ Feed (DNS Sinkhole) ?
Is there a DNS Sinkhole running on Firewalla?
If so, where does it get the RPZ feed?
If not, can we implement one?
Also known as "DNS Firewall" .. A response policy zone (RPZ) is a mechanism to introduce a customized policy in Domain Name System servers, so that recursive resolvers return possibly modified results. By modifying a result, access to the corresponding host can be blocked.
Example of use
Consider that Alice uses a computer which uses a DNS service (recursive resolver) which is configured to use RPZ and has access to some source of zone data which lists domains that are believed to be dangerous.
Alice receives an email with a link that appears to resolve to some place that she trusts, and she wishes to click on the link. She does so, but the actual location is not the trusted source that she read but a dangerous location which is known to the DNS service.
As the DNS service realizes that the resulting web location is dangerous, instead of informing her computer how to get to it (unmodified response), it sends information which leads to a safe location. Depending on how the DNS service configures its policy actions, the modified response can be a fixed page on a web site which informs her of what has happened, or a DNS error code such as NXDOMAIN or NODATA, or send no response at all.
DNS filtering is already there. You can also add your own using the "rules" system. You can define your own by using the rules system. See https://help.firewalla.com/hc/en-us/articles/360008521833-Manage-Rules
In this document look for domain block mode
- default: block domain via DNS, and block IP
- domain: block domain via DNS
Please sign in to leave a comment.