Abstract:As an important network infrastructure for service, the domain name system (DNS) is a necessary link for terminals to access the Internet. In recent years, more and more attempts have been made to trick users into malicious servers through DNS, posing a huge threat to Internet security. It is of great practical significance for both operators and network regulators to prevent and resolve access to malicious domains or IPs, including phishing websites, spam, ransomware, and pornographic websites. Therefore, this paper describes the working principle of Response Policy Zones (RPZ), builds a DNS RPZ security protection system, and then configures the related core software. Then, experiments are conducted on the system to verify the protection effect against malicious domains and IPs.