===== Master =====
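# Zone data is kept under /var/cache/bind/rpz; /etc/bind/rpz is a symlink to it.
# -p and -sfn make both commands safe to run again: a second plain `ln -s`
# would create a nested link inside the existing directory.
mkdir -p /var/cache/bind/rpz/
ln -sfn /var/cache/bind/rpz/ /etc/bind/rpz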
nano /etc/bind/named.conf.local
// Primary (master) copy of the response-policy zone.
zone "rpz.zone" {
type master;
file "/var/cache/bind/rpz/db.rpz.zone.hosts";
// Only clients matching the ACL "private" may query the policy zone itself.
// NOTE(review): "private" is not defined in this snippet; it must be declared
// elsewhere (acl "private" { ... };) — confirm it exists.
allow-query { private; };
// Transfers and NOTIFY are limited to 172.31.255.12, presumably the secondary
// from the Slave section. NOTE(review): the peer is recognised by source
// address only; a TSIG key shared by both servers would authenticate the
// transfer — confirm whether that is wanted here.
allow-transfer { 172.31.255.12; };
also-notify { 172.31.255.12; };
};
nano /var/cache/bind/rpz/db.rpz.zone.hosts
; Header of the policy zone; the block-list records are appended after it.
$TTL 1H
; NOTE(review): "bloqueadonobrasil..com.br." contains an empty label (two
; consecutive dots), which is not a valid domain name; a label appears to have
; been dropped from this listing. Restore the intended name here and on the
; NS line below before loading the zone.
@ IN SOA LOCALHOST. bloqueadonobrasil..com.br. (
2024012201 ; Serial - raise it on every change, otherwise the secondary keeps its old copy
1h ; Refresh
15m ; Retry
30d ; Expire
2h ; Negative Cache TTL
)
; NOTE(review): in a zone file this record needs leading whitespace so that it
; inherits the owner "@"; the indentation seems to have been lost in this listing.
NS bloqueadonobrasil..com.br.
; or
; NS localhost.
nano /etc/bind/named.conf.options
// Presumably placed inside the existing options { } block of named.conf.options.
// "policy CNAME localhost" overrides the action encoded in each record of
// rpz.zone: every listed name is answered as a CNAME to localhost.
response-policy {
zone "rpz.zone" policy CNAME localhost;
};
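# The list comes from a third-party host and every line in it becomes a policy
# record, so append only if the download succeeded, and look the file over first.
wget https://protocol.be/public/planilha_operacao_url20241011_09_10-1.dns &&
  cat planilha_operacao_url20241011_09_10-1.dns >> /var/cache/bind/rpz/db.rpz.zone.hosts
# Appending does not change the SOA serial; raise it by hand or the secondary
# will not transfer the new records. Running this twice appends the list twice.
chown -R bind: /var/cache/bind/rpz/
# Parse the zone before restarting so that a malformed list is caught first.
named-checkzone rpz.zone /var/cache/bind/rpz/db.rpz.zone.hosts &&
  systemctl restart bind9
# If 1996jogo.com is in the list, the answer should now be the policy one
# (localhost) rather than the real address.
nslookup 1996jogo.com 127.0.0.1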
===== Slave =====
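# Zone data is kept under /var/cache/bind/rpz; /etc/bind/rpz is a symlink to it.
# -p and -sfn make both commands safe to run again: a second plain `ln -s`
# would create a nested link inside the existing directory.
mkdir -p /var/cache/bind/rpz/
ln -sfn /var/cache/bind/rpz/ /etc/bind/rpz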
nano /etc/bind/named.conf.local
// Secondary (slave) copy of the policy zone, transferred from 172.31.255.11.
// NOTE(review): unlike the Master stanza there is no allow-query here, so the
// server-wide default applies — confirm that is intended.
zone "rpz.zone" {
type slave;
// named writes the transferred zone to this file, so the directory has to be
// writable by the user named runs as (see the chown further down).
file "/var/cache/bind/rpz/db.rpz.zone.hosts";
masters { 172.31.255.11; };
// NOTIFY is accepted from the primary's address only. NOTE(review): the peer
// is recognised by source address alone; a TSIG key shared with the primary
// would authenticate transfers — confirm whether that is wanted here.
allow-notify { 172.31.255.11; };
};
nano /etc/bind/named.conf.options
// Presumably placed inside the existing options { } block of named.conf.options.
// "policy CNAME localhost" overrides the action encoded in each record of
// rpz.zone: every listed name is answered as a CNAME to localhost.
response-policy {
zone "rpz.zone" policy CNAME localhost;
};
# Give the zone directory to the bind user so named can store the transferred
# zone, restart the service, then query the local resolver for a listed name.
chown -R bind: /var/cache/bind/rpz/
systemctl restart bind9
nslookup 1996jogo.com 127.0.0.1
===== Notes =====
ref: https://blog.remontti.com.br/7759
# Follow the named unit's journal and show only the lines that contain "bet".
journalctl --catalog --pager-end --unit=named.service --follow | grep bet
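# Print one RouterOS-style static DNS command per name in the file "bet"
# (first space-separated field of each line, lower-cased).
# The names come from a downloaded list and the output is presumably pasted
# into a router console, so anything that is not a plain hostname is skipped
# and reported on stderr instead of being emitted. Reading line by line with
# printf '%s' also avoids the word splitting, globbing and backslash
# interpretation of `for i in $(...)` combined with `echo -e`.
cut -d " " -f1 bet | tr -d '\r' | tr '[:upper:]' '[:lower:]' |
  while IFS= read -r name; do
    case $name in
      '') continue ;;
      *[!a-z0-9._-]*) printf 'skipped: %s\n' "$name" >&2; continue ;;
    esac
    printf '/ip dns static add disabled=no address=127.0.0.1 comment=anatel_operacao_20241011_09_10-1 name=%s\n' "$name"
  done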
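# Print two RPZ records per name in the file "bet" (first space-separated field
# of each line, lower-cased): one for the name itself and one wildcard for its
# subdomains.
# The names come from a downloaded list and the output goes into a zone file,
# where characters such as ';', '(', '$' and '@' have their own meaning, so
# anything that is not a plain hostname is skipped and reported on stderr.
# Reading line by line with printf '%s' also avoids the word splitting,
# globbing and backslash interpretation of `for i in $(...)` with `echo -e`.
cut -d " " -f1 bet | tr -d '\r' | tr '[:upper:]' '[:lower:]' |
  while IFS= read -r name; do
    case $name in
      '') continue ;;
      *[!a-z0-9._-]*) printf 'skipped: %s\n' "$name" >&2; continue ;;
    esac
    printf '%s\tIN CNAME .\n*.%s\tIN CNAME .\n' "$name" "$name"
  done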