roles/named: Implement response policy zones
BIND response policy zones (RPZ) support provides a mechanism for overriding the responses to DNS queries based on a wide range of criteria. In the simplest form, a response policy zone can be used to provide different responses to different clients, or "block" some DNS names.

For the Pyrocufflink and related networks, I plan to use an RPZ to implement ad/tracker blocking. The goal will be to generate an RPZ definition from a collection of host lists (e.g. those used by uBlock Origin) periodically.

This commit introduces basic support for RPZ configuration in the *named* role. It can be activated by providing a list of "response policy" definitions (e.g. `zone "name"`) in the `named_response_policy` variable, and defining the corresponding zones in `named_zones`.
@@ -18,6 +18,10 @@ pyrocufflink_red_zones:
|
||||
- '{ !{ !localhost; any; }; key local-ddns; }'
|
||||
ttl: 30
|
||||
|
||||
rpz_zones:
|
||||
- zone: blackhole.rpz
|
||||
type: master
|
||||
|
||||
named_keys:
|
||||
- name: dhcp-ddns
|
||||
algorithm: hmac-md5
|
||||
|
||||
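Review bot: The `blackhole.rpz` entry under `rpz_zones` sets only `type: master`, and nothing in this hunk shows `rpz_zones` being merged into `named_zones` or the zone being listed in `named_response_policy`, the two variables the commit message says activate RPZ. If that wiring lives in another file this is fine, but otherwise the zone would be defined without ever being applied as policy, so it is worth pointing to where the merge happens. Also consider whether the policy zone should carry query and transfer restrictions, in the way the zone above it carries an update ACL, so that the block list contents are not readable by ordinary clients; this assumes the role's zone schema supports such options, which the visible lines do not show.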