Hi Grant. That doesn't work for zones that then get used in a `response-policy` block. In this case you *must* define a zone each time; so one (or up to 64) per view/instance of `response-policy`. Test it on your laptop/in a VM. What this does mean is that (if you are using views) you *could* have a different set of RPZ rules (different zone/zone contents) per view, perhaps because certain domains are fine for one set of clients but not fine for others.

@Carlos to respond to your mail from yesterday:

The 64 zone limit applies to the `response-policy` block (see above). Here's the reference for that:

https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-response-policy

Since there can be only one `r-p` globally (if you don't have user-defined views) or per view (if you do) it kinda amounts to the same thing, but I just wanted to clarify.

Regarding view selection, I don't know exactly how the code works or how efficient it is. But certainly I have seen some configs with a lot of views and they seem to function OK. What sort of QPS are each of your servers handling?

Cheers,
Greg

On Sun, 25 Aug 2024 at 05:27, Grant Taylor via bind-users <bind-users@lists.isc.org> wrote:

> On 8/24/24 07:37, Carlos Horowicz via bind-users wrote:
> > 2. if RPZ records are held in memory, why would an RPZ zone need to be
> > stored n times if there are n orthogonal views ? That is, why the more
> > views the more memory needed. Maybe you meant the qpcache, to store
> > different answers, though I don't understand how that works.
>
> I believe that some newer versions of BIND can share zone information
> across multiple views. Check out the "in-view" statement that goes in a
> zone {...} clause.
>
> Link - Chapter 7 BIND zone clause
>  - https://www.zytrax.com/books/dns/ch7/zone.html#in-view
>
> --
> Grant. . . .
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
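
The per-view layout described in the message above, as an added `named.conf` fragment that is not part of the original thread: each view carries its own `response-policy` statement and its own definition of every policy zone it lists. The view names, ACLs, zone names and file paths are constructed placeholders.

```conf
// Constructed example: all names, networks and paths below are placeholders.
acl "staff-nets" { 192.0.2.0/25; };
acl "guest-nets" { 192.0.2.128/25; };

view "staff" {
    match-clients { "staff-nets"; };
    recursion yes;

    // One response-policy statement per view; it can list several zones.
    response-policy {
        zone "rpz-malware.example";
    };

    // The policy zone is defined inside the view that uses it.
    zone "rpz-malware.example" {
        type primary;
        file "rpz/staff/rpz-malware.example.db";
        allow-query { localhost; };   // keep policy contents away from clients
    };
};

view "guest" {
    match-clients { "guest-nets"; };
    recursion yes;

    // A stricter rule set for this client population.
    response-policy {
        zone "rpz-malware.example";
        zone "rpz-guest-extra.example";
    };

    // Defined again here, per the message above, rather than shared via in-view.
    zone "rpz-malware.example" {
        type primary;
        file "rpz/guest/rpz-malware.example.db";
        allow-query { localhost; };
    };

    zone "rpz-guest-extra.example" {
        type primary;
        file "rpz/guest/rpz-guest-extra.example.db";
        allow-query { localhost; };
    };
};
```

Running `named-checkconf` against the full configuration confirms that every zone named in a `response-policy` statement is defined in the same view.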