On 3/13/2021 12:11 AM, Tony Finch wrote:
> Marki <bind-us...@lists.roth.lu> wrote:
>> But if you need granular filtering, that could become a lot of views...
>
> Yes, I think RPZ is really designed to be a ban hammer for dealing with
> abuse, rather than a general-purpose access control mechanism. If you need
> to get really fancy then you should look at dnsdist which can be
> programmed in Lua.
>
> Tony.

Just posting this to give everyone my conclusions and how this turned out.

Standard DNS server software (not only Bind) does not provide for easy
whitelist filtering, only blacklists seem to be "en vogue". Like
trusting nearly everyone, except, oh well, what did they teach in
security class? Never mind, we're currently rolling out dnsdist.

@Tony Your feedback has been very to the point, knowledgeable and
fruitful. If you've got an Amazon wishlist (almost wrote whitelist lol)
let me know :D
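
The per-client allowlist filtering discussed in this thread, sketched as a dnsdist configuration. This is an added example, not part of the original messages and not the poster's actual setup; all addresses, networks, domain names and the pool name are constructed placeholders, and it assumes a dnsdist version that provides DNSRCode (1.4 or later).

```lua
-- Added example: default-deny DNS filtering with per-client allowlists.
-- Every address, network and domain below is a constructed placeholder.

-- Upstream recursive resolver, placed in a named pool so that queries
-- reach it only through an explicit PoolAction.
newServer({address="192.0.2.53:53", pool="resolvers"})

-- Networks allowed to send queries to dnsdist at all.
setACL({"10.10.0.0/16", "10.20.0.0/16"})

-- Client group 1 (for example, kiosk machines) and its allowlist.
local kiosks = newNMG()
kiosks:addMask("10.10.0.0/16")
local kioskNames = newSuffixMatchNode()
kioskNames:add(newDNSName("intranet.example.com."))

-- Client group 2 (for example, servers) and its wider allowlist.
local servers = newNMG()
servers:addMask("10.20.0.0/16")
local serverNames = newSuffixMatchNode()
serverNames:add(newDNSName("example.com."))
serverNames:add(newDNSName("updates.example.net."))

-- Rules are evaluated in order. A suffix entry matches the name itself
-- and everything below it.
addAction(
  AndRule({NetmaskGroupRule(kiosks), SuffixMatchNodeRule(kioskNames)}),
  PoolAction("resolvers")
)
addAction(
  AndRule({NetmaskGroupRule(servers), SuffixMatchNodeRule(serverNames)}),
  PoolAction("resolvers")
)

-- Default deny: anything not explicitly allowed above is refused,
-- so a new client group or name gets no resolution until it is listed.
addAction(AllRule(), RCodeAction(DNSRCode.REFUSED))
```

Each additional client group costs one netmask group, one suffix set and one rule, rather than a separate view.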