Hammers and nails...
On Tue, 16 Mar 2021, Marki wrote:
On 3/13/2021 12:11 AM, Tony Finch wrote:
Marki wrote:
But if you need granular filtering, that could become a lot of views...
Yes, I think RPZ is really designed to be a ban hammer [...]
Standard DNS server software (not only Bind)
On 3/13/2021 12:11 AM, Tony Finch wrote:
Marki wrote:
But if you need granular filtering, that could become a lot of views...
Yes, I think RPZ is really designed to be a ban hammer for dealing with
abuse, rather than a general-purpose access control mechanism. If you need
to get really fancy
Marki wrote:
>
> But if you need granular filtering, that could become a lot of views...
Yes, I think RPZ is really designed to be a ban hammer for dealing with
abuse, rather than a general-purpose access control mechanism. If you need
to get really fancy then you should look at dnsdist which
On 3/9/2021 10:21 PM, Tony Finch wrote:
Marki wrote:
I'm not sure about the flexibility of RPZ; it doesn't seem that I can
have rules like "client 1.2.3.4 is allowed to look up example.com but
client 1.2.3.5 is not".
You can have multiple response-policy zones, which are matched in the
order
Marki wrote:
>
> Concerning static-stub: Using a (bogus) forwarder together with "forward
> first" (default) seems to work (Note: using "forward only" gives SERVFAIL).
> All outside requests get a SERVFAIL even with "forward first" but that's an
> esthetic problem.
Yes, SERVFAIL is ugly - I
On 3/9/2021 6:03 PM, Tony Finch wrote:
Marki wrote:
I am seeking a combination of either a combined configuration on one, or a
config of several different DNS servers together to achieve the following:
* Some clients should be able to resolve authoritative local zones as well as
some
Marki wrote:
>
> I am seeking a combination of either a combined configuration on one, or a
> config of several different DNS servers together to achieve the following:
>
> * Some clients should be able to resolve authoritative local zones as well as
> some forwarded zones.
>
> * Other clients
Where is it sending recursive queries if it owns the root?
On Sun, Mar 7, 2021 at 3:06 AM Marki wrote:
> I tried that. When you configure no global forwarders it's going to
> recurse because recursion needs to be enabled for the individual forwarded
> zones to work. You'd have to specify a fake
I tried that. When you configure no global forwarders it's going to recurse
because recursion needs to be enabled for the individual forwarded zones to
work. You'd have to specify a fake global forwarder which looks like a hack.
On March 7, 2021 10:09:49 AM GMT+01:00, Crist Clark
wrote:
>Two
Two views. The view that does not do internet DNS claims authority for the
root and does not global forward. The entire DNS is just the zones defined
in the view, which can be authoritative or forwarded. The other view has
the global forward-only to upstream resolvers.
On Sat, Mar 6, 2021 at 3:34
I'm not sure:
> Some clients should be able to resolve authoritative local zones as
well as some forwarded zones.
And only that. "forward only;" doesn't cut it, in case you mean the
global option. That would still forward everything else somewhere else.
The requirement is to _only_ resolve
forward only;
On Fri, Mar 5, 2021 at 5:19 PM Marki wrote:
> Hello,
>
> I am seeking a combination of either a combined configuration on one, or
> a config of several different DNS servers together to achieve the
> following:
> * Some clients should be able to resolve authoritative local zones
Hello,
I am seeking a combination of either a combined configuration on one, or
a config of several different DNS servers together to achieve the following:
* Some clients should be able to resolve authoritative local zones as
well as some forwarded zones.
* Other clients should be able to
only be serving authoritative data (and no other data is
retrieved elsewhere via queries, via forwarding or recursion).
These two situations serve two very different functions. If you are
trying to mix these two functions (resolving server, authoritative
server), then you have to be able to either
Hello,
Is this possible to disable recursion for all incoming queries except
for those listed in zone statement with a forwarder.
I know that no forwarding is allowed if we disable recursion.
Something like this ( but this doesn't work I know ):
I can't match people so I can't create a view.
I believe the behavior of the following configuration is to send back
the IP address of the forwarders to the clients, and rely on clients
to do the recursive query against the forwarders.
On Tue, Jan 20, 2009 at 9:25 AM, etirado@orange-ftgroup.com wrote:
Hello,
Is this possible to
On Jan 20, 2009, at 9:25 AM, etirado@orange-ftgroup.com etirado@orange-ftgroup.com
wrote:
Hello,
Is this possible to disable recursion for all incoming queries except
for those listed in zone statement with a forwarder.
I know that no forwarding is allowed if we disable recursion.
17 matches
Mail list logo