DNS is a control plane of the Internet
No more ads, no more malware and more privacy if you own your DNS and enable DNS Security.
Free DNS Firewall (RPZ) feeds for
Two years ago, at BlackHat 2019 and Defcon 27, I introduced the ioc2rpz community. The community is powered by ioc2rpz (http://ioc2rpz.com) and provides DNS Firewall feeds free of charge. The feeds are based on OSINT and protect against malware, block ads & trackers and filter adult sites.
In 2013, when I joined Infoblox, I learned about DNS Firewall and I was able to evaluate only Infoblox's feeds. I tried to find any other free feeds but I was out of luck. There were only a few vendors who provided DNS Firewall feeds only for a fee.
Late in 2017 I started working on the ioc2rpz technology, and in 2019, to promote it and to educate the community on DNS Firewall, I created the ioc2rpz community. Back then the community offered 3 feeds to block malware, ads & trackers with about 300k rules. During the next 2 years I added new feeds, custom feeds and RpiDNS, a provisioning script and management user interface intended to run on a Raspberry Pi.
Early this year the project and the community portal got their first sponsor, which helps me cover some of the costs of running the service.
Right now ioc2rpz:
- maintains 13 feeds with about 11 million rules, which you can still use on a beefy Raspberry Pi 4/8GB at your home (can your NGFW do the same?). The top 5 RPZ community feeds include: dga-360.ioc2rpz, doh.ioc2rpz, phishtank.ioc2rpz, malicious.ioc2rpz, notracking.ioc2rpz;
- provides the service to more than 50 members from 5 continents, 25 countries and 70 locations.
This proves that ioc2rpz can serve in an organization of any size. If you use a TIP, subscribe to TI or generate your own TI, ioc2rpz can help you transform your DNS server (if it supports RPZ) into a DNS Security layer.
I'm looking forward to introducing new features soon, to serving more community members and to making this world a bit safer and more secure.
You are welcome to join the community (https://ioc2rpz.net).
The ioc2rpz community is a portal which provides free of charge DNS Firewall (or Response Policy Zone) feeds. The DNS Firewall feeds are based on publicly available threat intelligence (TI). The TI feeds are maintained by 3rd party communities or companies and only a limited number of indicators were whitelisted. We do not validate the TI feeds for false positives.
DNS Firewall feeds are provided "as-is". They may contain false positives.
If you have any questions, comments, proposals or want to provide any feedback please contact us.
DNS Firewall, or DNS Response Policy Zones, is a DNS server feature that allows an administrator to overlay custom information on top of the global DNS to provide alternate responses to DNS queries.
The prime motivation for creating this feature was to protect users from badness on the Internet related to known-malicious global identifiers such as host names, domain names, IP addresses, or nameservers.
Criminals tend to keep using the same identifiers until they are taken away from them. Unfortunately, the Internet security industry's ability to take down criminal infrastructure at domain registries, hosting providers or ISPs is not timely enough to be effective.
Using DNS Firewall, a network or DNS administrator can implement their own protection policies based on reputation feeds from security service providers on a near-real-time basis.
More information is available at dnsrpz.info
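The overlay described above can be seen in a small model of how an RPZ-capable resolver matches a query name against one policy zone. This is an added example, not code from ioc2rpz or from any DNS server: the zone contents, `parse_zone` and `evaluate` are constructed for illustration, only QNAME triggers are modelled, and checking the exact owner name before wildcards is a simplification of the full RPZ precedence rules.

```python
# Constructed sample policy zone (owner names relative to the zone origin).
SAMPLE_ZONE = """\
; owner            type   rdata
bad.example        CNAME  .              ; answer NXDOMAIN
*.bad.example      CNAME  .              ; ...and for every subdomain
tracker.example    CNAME  *.             ; answer NODATA
*.ads.example      CNAME  .
ok.ads.example     CNAME  rpz-passthru.  ; exempt one name from the wildcard
phish.example      A      192.0.2.10     ; local data, e.g. a block page
"""

# Special CNAME targets that RPZ defines as policy actions.
ACTIONS = {".": "NXDOMAIN", "*.": "NODATA",
           "rpz-passthru.": "PASSTHRU", "rpz-drop.": "DROP"}


def parse_zone(text):
    """Return {owner: (rtype, rdata)} from a zone-file style snippet."""
    rules = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        owner, rtype, rdata = line.split()
        rules[owner.lower().rstrip(".")] = (rtype.upper(), rdata)
    return rules


def evaluate(qname, rules):
    """Return the policy action for qname, or None when no trigger matches."""
    name = qname.lower().rstrip(".")
    labels = name.split(".")
    # Exact owner first, then wildcards from the closest ancestor outwards.
    candidates = [name] + ["*." + ".".join(labels[i:])
                           for i in range(1, len(labels))]
    for owner in candidates:
        if owner in rules:
            rtype, rdata = rules[owner]
            if rtype == "CNAME":
                return ACTIONS.get(rdata, "REDIRECT " + rdata)
            return f"LOCAL-DATA {rtype} {rdata}"
    return None  # no policy: the answer from the global DNS is used unchanged


if __name__ == "__main__":
    rules = parse_zone(SAMPLE_ZONE)
    for q in ("c2.bad.example", "ok.ads.example", "ads.example", "example.org"):
        print(q, "->", evaluate(q, rules))
```

A wildcard rule does not cover its own apex, so `ads.example` falls through to the global DNS here; that is why feeds commonly carry both the bare name and the `*.` form.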