RPZ (Response Policy Zone)
A Response Policy Zone (RPZ) is a [[dns|DNS]] firewall mechanism that allows network operators to customize how their [[dns-resolver|DNS resolver]] responds to queries for specific domain names. RPZ feeds — maintained by threat intelligence providers — contain lists of malicious, phishing, or policy-violating domains. When a client queries for a domain on the RPZ list, the resolver returns a substitute response (typically NXDOMAIN or a sinkhole IP) instead of the real DNS answer, blocking access before any network connection is attempted. RPZ operates at the recursive resolver level, making it a powerful, transparent network-level security control.
Example
An enterprise deploys Cloudflare Gateway with an RPZ feed; when an employee's browser queries a known C2 domain used by ransomware, the resolver returns NXDOMAIN, silently blocking the malware's callback.
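To make the mechanism concrete, here is an added illustration (not code from the page or from any resolver product): a constructed RPZ zone in the standard zone-file encoding, where the policy action is carried by the record's rdata (CNAME . means NXDOMAIN, CNAME *. means NODATA, CNAME rpz-passthru. means let the real answer through, and an A record supplies local data such as a sinkhole IP), plus a simplified lookup that applies QNAME triggers with longest-match precedence. Real RPZ also supports IP, NSDNAME and NSIP triggers and is usually distributed by zone transfer; those parts are omitted here, and all domain names are constructed documentation names.

```python
# Constructed RPZ zone (QNAME triggers only). Owner names are relative to the
# policy zone; the rdata encodes the action a resolver should apply.
RPZ_ZONE = """
c2.example.          CNAME .               ; NXDOMAIN: name does not exist
*.c2.example.        CNAME .               ; also every subdomain of c2.example
phish.example.       CNAME *.              ; NODATA: name exists, empty answer
walled.example.      A     192.0.2.1       ; local data: answer with a sinkhole IP
*.walled.example.    A     192.0.2.1
allow.c2.example.    CNAME rpz-passthru.   ; exception: return the real answer
"""

def parse_rpz(zone_text):
    """Return {trigger_name: (rtype, rdata)}; ';' starts a comment."""
    rules = {}
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        owner, rtype, rdata = line.split()[:3]
        rtype = rtype.upper()
        rules[owner.lower()] = (rtype, rdata.lower() if rtype == "CNAME" else rdata)
    return rules

def _action(rtype, rdata):
    """Translate the RPZ rdata encoding into the substitute response."""
    if rtype == "CNAME":
        special = {".": "NXDOMAIN", "*.": "NODATA", "rpz-passthru.": "PASSTHRU"}
        return special.get(rdata, "CNAME " + rdata)   # other CNAME = walled garden
    return rtype + " " + rdata                         # local data, e.g. sinkhole A

def lookup(qname, rules):
    """Apply QNAME triggers: exact name or '*.parent' wildcard; the longest
    (most specific) matching trigger wins. Returns None when no rule matches,
    i.e. the resolver answers normally (simplified model of RPZ precedence)."""
    qname = qname.lower().rstrip(".") + "."
    best = (len(qname), rules[qname]) if qname in rules else None
    labels = qname.split(".")
    for i in range(1, len(labels) - 1):          # '*.x' never matches x itself
        wild = "*." + ".".join(labels[i:])
        if wild in rules and (best is None or len(wild) > best[0]):
            best = (len(wild), rules[wild])
    return None if best is None else _action(*best[1])

RULES = parse_rpz(RPZ_ZONE)

if __name__ == "__main__":
    for q in ("beacon.c2.example", "allow.c2.example", "cdn.walled.example", "example.com"):
        print(f"{q:22} -> {lookup(q, RULES)}")
```

With the ransomware scenario above, the query for the C2 name hits the `c2.example`/`*.c2.example` triggers and the client receives NXDOMAIN; names with no trigger fall through to normal resolution.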