Spamhaus Technology

Frequently Asked Questions

Frequently asked questions about our solutions and data. If you can’t find what you’re looking for, get in touch below - we’re happy to help.

Response Policy Zones (RPZ)
  • How do DNS RPZs work?

    DNS RPZ applies threat intelligence data sets to DNS resolver traffic. This prevents DNS requests from resolving to malicious IP addresses and domains.

    1. User clicks on a URL link and queries the local DNS resolver;
    2. The DNS resolver checks the query against the RPZs;
    3. If the domain, IP, or nameserver is listed in one of the zones, the resolution of that link is blocked or redirected. If it is not listed, the user seamlessly continues to access the link destination.

    For more information, read this blog post

  • How do I find the IP addresses of my DNS Servers for DNS Firewall?

    Log into your server and run the following command(s):

    • curl -4 https://deteque.com/whatsmyip/
    • curl -6 https://deteque.com/whatsmyip/

    The result from these commands will provide you with the IP that you need to enter into our Customer Portal under the Access tab of your DNS firewall settings.

    Please note that if you have multiple servers pointing to our service, you will need to run these commands on each of them.

    Once you have entered the IP addresses, it can take up to one hour to be provisioned in our systems.

  • What are DNS Firewall Threat Feeds?

    DNS Firewall Threat Feeds are Response Policy Zones (RPZs) that provide automatic protection against phishing sites and malware downloads.

    They are delivered in the industry-standard RPZ format, which lets a recursive DNS resolver choose the action to take on a match. This includes dropping, blocking, and passing through traffic.

  • What error does the DNS resolver return when a site gets blocked?

    A DNS resolver will return an NXDOMAIN (non-existent domain) response when a query matches a threat feed listing.

    Customers using the Dedicated Service can instead point blocked queries at an internal IP resource, so that the block redirects the user to an information page that provides a warning, some education, or insight into why something was blocked.
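    To make the mechanism described above concrete, here is an added example (not Spamhaus code or data) that parses a small constructed RPZ in the standard zone-file encoding and applies it to sample queries. The zone name rpz.example.internal, every listed name and address, and the walled-garden target are invented for illustration; the encodings themselves (a CNAME to ".", "*.", rpz-passthru. or rpz-drop., and the rpz-ip / rpz-nsdname trigger labels) are the standard RPZ conventions a BIND-style resolver understands. Trigger precedence follows the RPZ specification in simplified form: QNAME first, then answer IP, then nameserver name.

```python
"""Toy RPZ evaluator (added example, not Spamhaus code): parses a constructed
Response Policy Zone and reports the policy action a resolver would apply."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed zone (assumption): zone name, owner names and addresses are fictional
# (RFC 2606 names, RFC 5737 / RFC 3849 ranges). Owner names are relative to the
# zone; the record's RDATA encodes the policy action.
ZONE_TEXT = """
$ORIGIN rpz.example.internal.
; QNAME triggers: match the name being looked up
phish.example            CNAME .                ; NXDOMAIN, the usual "block"
*.phish.example          CNAME .                ; wildcard covers subdomains
dropper.example          CNAME *.               ; NODATA: name exists, no answer
partner.example          CNAME rpz-passthru.    ; allow-list, skip other triggers
c2.example               CNAME rpz-drop.        ; no response at all
warn.example             A     10.0.0.53        ; local data: internal info page
; IP triggers: match addresses in the would-be answer (prefix length first)
24.0.2.0.192.rpz-ip      CNAME walled-garden.example.internal.  ; 192.0.2.0/24
48.0.zz.db8.2001.rpz-ip  CNAME .                                ; 2001:db8::/48
; NSDNAME trigger: match the queried domain's authoritative nameserver
ns1.badhost.example.rpz-nsdname  CNAME .
"""

@dataclass(frozen=True)
class Action:
    kind: str                   # NXDOMAIN, NODATA, PASSTHRU, DROP, TCP-ONLY, LOCAL-DATA
    data: Optional[str] = None  # RDATA for LOCAL-DATA (the redirect target)

SPECIAL = {".": "NXDOMAIN", "*.": "NODATA", "rpz-passthru.": "PASSTHRU",
           "rpz-drop.": "DROP", "rpz-tcp-only.": "TCP-ONLY"}

def decode_action(rtype: str, rdata: str) -> Action:
    """A CNAME to one of the special names is a policy; anything else is local data."""
    if rtype == "CNAME" and rdata.lower() in SPECIAL:
        return Action(SPECIAL[rdata.lower()])
    return Action("LOCAL-DATA", rdata)

def decode_ip_trigger(encoded: str):
    """'24.0.2.0.192' -> 192.0.2.0/24; IPv6 uses reversed hex groups, 'zz' = '::'."""
    prefix, *groups = encoded.split(".")
    groups.reverse()
    if len(groups) == 4 and all(g.isdigit() for g in groups):
        addr = ".".join(groups)
    else:
        addr = ":".join(groups).replace(":zz:", "::").replace("zz:", "::").replace(":zz", "::")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

class ResponsePolicyZone:
    def __init__(self, zone_text: str):
        self.qname, self.ip, self.nsdname = {}, [], {}
        for raw in zone_text.splitlines():
            line = raw.split(";", 1)[0].strip()          # strip comments
            if not line or line.startswith("$"):         # skip blanks and $ORIGIN
                continue
            owner, *fields = line.split()
            owner = owner.lower().rstrip(".")
            fields = [t for t in fields if t.upper() != "IN" and not t.isdigit()]  # drop TTL/class
            action = decode_action(fields[0].upper(), " ".join(fields[1:]))
            if owner.endswith(".rpz-ip"):
                self.ip.append((decode_ip_trigger(owner[:-len(".rpz-ip")]), action))
            elif owner.endswith(".rpz-nsdname"):
                self.nsdname[owner[:-len(".rpz-nsdname")]] = action
            else:
                self.qname[owner] = action

    def evaluate(self, qname, answer_ips=(), nameservers=()) -> Optional[Action]:
        """RPZ precedence, simplified: QNAME, then IP, then NSDNAME (no CLIENT-IP/NSIP)."""
        name = qname.lower().rstrip(".")
        labels = name.split(".")
        candidates = [name] + ["*." + ".".join(labels[i:]) for i in range(1, len(labels))]
        for cand in candidates:                          # exact, then each ancestor wildcard
            if cand in self.qname:
                return self.qname[cand]
        for ip in answer_ips:
            addr = ipaddress.ip_address(ip)
            for net, action in self.ip:
                if addr.version == net.version and addr in net:
                    return action
        for ns in nameservers:
            action = self.nsdname.get(ns.lower().rstrip("."))
            if action is not None:
                return action
        return None                                      # no policy: resolve normally

def demo() -> dict:
    """Constructed queries: (name, addresses the answer would hold, NS names)."""
    rpz = ResponsePolicyZone(ZONE_TEXT)
    queries = [("login.phish.example", [], []),          # wildcard -> NXDOMAIN
               ("dropper.example", [], []),              # NODATA
               ("partner.example", ["192.0.2.10"], []),  # PASSTHRU wins over IP trigger
               ("c2.example", [], []),                   # DROP
               ("warn.example", [], []),                 # LOCAL-DATA 10.0.0.53
               ("cdn.example", ["192.0.2.77"], []),      # IP trigger -> walled garden
               ("mail.example", ["2001:db8::abcd"], []), # IPv6 IP trigger -> NXDOMAIN
               ("shop.example", ["198.51.100.5"], ["ns1.badhost.example"]),  # NSDNAME
               ("good.example", ["198.51.100.9"], ["ns.good.example"])]      # no match
    return {q: rpz.evaluate(q, ips, nss) for q, ips, nss in queries}
```

    Running demo() shows why NXDOMAIN is only the default outcome: the same zone can express NODATA, a silent drop, an allow-list entry that stops further evaluation, or the redirect to an internal information page described for the Dedicated Service (the warn.example record, and the rpz-ip entry that rewrites any answer inside 192.0.2.0/24 to a walled-garden name).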

  • What hardware and software do I need to support DNS Firewall Threat Feeds?

    If you choose to use Spamhaus’ Managed Service, this is not an issue. However, where you are running your own DNS infrastructure and want to use our Dedicated Service, here are our recommendations:

    While it is possible that the hardware currently running your DNS resolver can handle the processing of DNS Firewall Threat Feeds, we recommend the following hardware configuration:

    • 8-core CPU
    • 8 gigabytes of RAM
    • Bare-metal dedicated server

    Please ensure that you are running the most up-to-date version of your resolver software.

  • What threats do DNS RPZs protect users against?

    Our DNS RPZs protect users from multiple threats. Not only do they stop users from accessing malware dropper sites or downloading ransomware, they also prevent your users from unwittingly sharing confidential login information by blocking access to phishing domains.

  • What threats do DNS RPZs protect your network against?

    The DNS RPZs prevent cybercriminals from stealing data from your network. This is accomplished by blocking communications between external botnet command and control (C2) servers and infected botnet nodes on your network.

  • Who can use DNS RPZs?

    To utilize DNS RPZs, you’ll need to manage your own DNS infrastructure. The RPZs can be used with a variety of major DNS solutions, including BIND and PowerDNS. They can also be used with some DNS appliances, including Infoblox.

  • Why would I want to block DNS resolution?

    There are many networks, domains, and IP addresses on the internet whose sole purpose is to cause harm to or steal information from unsuspecting users who visit their servers and sites.

    For example: a phishing domain, created for the sole purpose of stealing data, can be used in a spam campaign that asks users on your network to verify their account. The email is not blocked by your spam filtering, so the message is delivered to your user’s inbox. When the user clicks the link to verify their account, their computer is unable to resolve the phishing website because the site is listed in the Threat Feeds.

    This action will protect your user from surrendering their personal information, and potentially prevent their workstation from becoming infected with botnet software. Blocking malicious content also offers you the potential to educate your users immediately.
