Response policy zone

The RPZ mechanism was developed by the Internet Systems Consortium, led by Paul Vixie, as a component of the BIND Domain Name System (DNS) server.

RPZ allows a DNS recursive resolver to choose specific actions to be performed for a number of collections of domain name data (zones).

RPZ is essentially a filtering mechanism, either preventing people from visiting internet domains, or pointing them to other locations by manipulating the DNS answers in different ways.

Early in the development of the RPZ mechanism, some Internet security organisations offered data describing potentially dangerous domains.

Consider Alice, whose computer uses a DNS service (recursive resolver) that is configured to use RPZ and has access to a source of zone data listing domains that are believed to be dangerous.

Figure: DNS flow diagram. DNS response modification under policy restrictions.
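
The filtering described above, as an added example (not BIND's code and not part of the original article): a small Python model of how an RPZ-enabled resolver could rewrite answers to Alice's queries. The zone contents, addresses and the `fake_upstream` stand-in are constructed for illustration; the CNAME targets `.`, `*.` and `rpz-passthru.` are the RPZ encodings for NXDOMAIN, NODATA and pass-through, and the wildcard matching is simplified.

```python
# Constructed policy zone: trigger name -> (record type, record data).
# All names and addresses are sample values (RFC 2606 / RFC 5737 ranges).
POLICY_ZONE = {
    "malware.example":   ("CNAME", "."),                      # NXDOMAIN
    "*.malware.example": ("CNAME", "."),                      # ...and all subdomains
    "tracker.example":   ("CNAME", "*."),                     # NODATA
    "phish.example":     ("CNAME", "walled-garden.example."), # redirect
    "*.phish.example":   ("A", "192.0.2.10"),                 # local data
    "ok.phish.example":  ("CNAME", "rpz-passthru."),          # explicit exemption
}

def rpz_lookup(qname, zone=POLICY_ZONE):
    """Return the policy record triggered by qname, or None if no trigger."""
    name = qname.rstrip(".").lower()          # DNS names are case-insensitive
    if name in zone:                          # exact match wins over wildcards
        return zone[name]
    labels = name.split(".")
    for i in range(1, len(labels)):           # closest enclosing wildcard first
        rec = zone.get("*." + ".".join(labels[i:]))
        if rec is not None:
            return rec
    return None

def fake_upstream(qname):
    """Hypothetical stand-in for normal recursion; returns a constructed answer."""
    return ("NOERROR", [("A", "198.51.100.7")])

def resolve(qname, upstream=fake_upstream):
    """Answer as an RPZ-enabled resolver would: (rcode, answer records)."""
    rec = rpz_lookup(qname)
    if rec is None or rec == ("CNAME", "rpz-passthru."):
        return upstream(qname)                # no policy, or exempted by policy
    if rec == ("CNAME", "."):
        return ("NXDOMAIN", [])               # pretend the name does not exist
    if rec == ("CNAME", "*."):
        return ("NOERROR", [])                # name exists, but no data
    return ("NOERROR", [rec])                 # rewritten answer (redirect/local data)

if __name__ == "__main__":
    for q in ("cdn.a.malware.example.", "tracker.example", "phish.example",
              "login.phish.example", "ok.phish.example", "example.org"):
        print(q, "->", resolve(q))
```

A real resolver would also follow the redirect CNAME and return the target's address records; the model stops at the rewritten record.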