1. Create zone for block using RPZ
[root@server-teguht ~]# cat /var/named/rpz.db
$TTL 1D
@ IN SOA ns1.example.com. root.example.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns1.example.com.
@ IN A 192.168.7.222
youtube.com IN CNAME @
www.youtube.com IN CNAME @
[root@server-teguht ~]#
2. setting response policy
[root@server-teguht ~]# cat /etc/named.conf
response-policy { zone "teguht.com" policy CNAME testRPZ.com; zone "ns1.example.com";};
zone "ns1.example.com" IN {
type master ;
file "/var/named/rpz.db" ;
} ;
3. Restart named service
[root@server-teguht ~]# systemctl restart named
[root@server-teguht ~]#
4. Testing domain using nslookup and dig
[root@server-teguht ~]# nslookup
> yahoo.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: yahoo.com
Address: 98.138.219.231
Name: yahoo.com
Address: 98.137.246.7
Name: yahoo.com
Address: 72.30.35.9
Name: yahoo.com
Address: 98.137.246.8
Name: yahoo.com
Address: 98.138.219.232
Name: yahoo.com
Address: 72.30.35.10
>
> youtube.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
youtube.com canonical name = ns1.example.com.
Name: ns1.example.com
Address: 192.168.7.222
> exit
[root@server-teguht ~]#
[root@server-teguht ~]# dig @127.0.0.1 yahoo.com
; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.2 <<>> @127.0.0.1 yahoo.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6836
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 5, ADDITIONAL: 9
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;yahoo.com. IN A
;; ANSWER SECTION:
yahoo.com. 78 IN A 98.137.246.7
yahoo.com. 78 IN A 72.30.35.10
yahoo.com. 78 IN A 98.138.219.231
yahoo.com. 78 IN A 98.137.246.8
yahoo.com. 78 IN A 98.138.219.232
yahoo.com. 78 IN A 72.30.35.9
;; AUTHORITY SECTION:
yahoo.com. 171073 IN NS ns5.yahoo.com.
yahoo.com. 171073 IN NS ns2.yahoo.com.
yahoo.com. 171073 IN NS ns4.yahoo.com.
yahoo.com. 171073 IN NS ns1.yahoo.com.
yahoo.com. 171073 IN NS ns3.yahoo.com.
;; ADDITIONAL SECTION:
ns1.yahoo.com. 171073 IN A 68.180.131.16
ns1.yahoo.com. 171073 IN AAAA 2001:4998:130::1001
ns5.yahoo.com. 171073 IN A 119.160.253.83
ns2.yahoo.com. 171073 IN A 68.142.255.16
ns2.yahoo.com. 171073 IN AAAA 2001:4998:140::1002
ns3.yahoo.com. 171073 IN A 203.84.221.53
ns3.yahoo.com. 171073 IN AAAA 2406:8600:b8:fe03::1003
ns4.yahoo.com. 171073 IN A 98.138.11.157
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 15 15:41:26 WIB 2019
;; MSG SIZE rcvd: 388
[root@server-teguht ~]#
[root@server-teguht ~]# dig @127.0.0.1 youtube.com
; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.2 <<>> @127.0.0.1 youtube.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9782
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;youtube.com. IN A
;; ANSWER SECTION:
youtube.com. 5 IN CNAME ns1.example.com.
ns1.example.com. 86400 IN A 192.168.7.222
;; AUTHORITY SECTION:
ns1.example.com. 86400 IN NS ns1.example.com.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 15 15:42:05 WIB 2019
;; MSG SIZE rcvd: 96
[root@server-teguht ~]#
[root@server-teguht ~]# curl -XGET yahoo.com
redirect[root@server-teguht ~]#
[root@server-teguht ~]#
[root@server-teguht ~]# curl -XGET youtube.com
curl: (7) Failed connect to youtube.com:80; No route to host
[root@server-teguht ~]#
No comments:
Post a Comment