Re: BIND-RPZ and Views

[Tony Finch]

Tom  wrote:
>
> What is the supported/preferred way for implementing slave-rpz's in views?
> I want to achieve, that view1 has a different policy-configuration (passthru,
> given, nxdomain..) than the ones configured in view2 using the same
> slave-rpz-files. If not obligatory, I would not synchronize/transfer the
> slave-zone again...just for the view2.

I believe the only way to do this is to have duplicate copies of RPZ zones
which are used in multiple views.

Tony.
-- 
f.anthony.n.finch    http://dotat.at/  -  I xn--zr8h punycode
Humber: Variable 3 or 4. Smooth or slight. Occasional rain. Moderate or good,
occasionally poor.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: BIND-RPZ and Views

[Tom]

Hi

What is the supported/preferred way for implementing slave-rpz's in views?
I want to achieve, that view1 has a different policy-configuration 
(passthru, given, nxdomain..) than the ones configured in view2 using 
the same slave-rpz-files. If not obligatory, I would not 
synchronize/transfer the slave-zone again...just for the view2.


Thank you.
Tom


On 09/16/2016 12:22 PM, Tony Finch wrote:

Anand Buddhdev  wrote:


In newer versions of BIND, you cannot share a writable file in different
views. This is a bad configurtion, and newer versions of BIND reject it.
Just use different file names.


To clarify, you couldn't in older versions of BIND either! It would cause
weird data corruption problems.

Tony.


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: BIND-RPZ and Views

[Tony Finch]

Anand Buddhdev  wrote:
>
> In newer versions of BIND, you cannot share a writable file in different
> views. This is a bad configurtion, and newer versions of BIND reject it.
> Just use different file names.

To clarify, you couldn't in older versions of BIND either! It would cause
weird data corruption problems.

Tony.
-- 
f.anthony.n.finch    http://dotat.at/  -  I xn--zr8h punycode
Faeroes, Southeast Iceland: Southerly or southwesterly 4 or 5, increasing 6 or
7 later, perhaps gale 8 in Southeast Iceland. Moderate or rough, occasionally
very rough later. Showers, rain later. Moderate or good, occasionally poor
later.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: BIND-RPZ and Views

[Anand Buddhdev]

On 16/09/16 09:06, Tom wrote:

Hi Tom,

> Using BIND 9.10.4-P2: I've a question about configuring DNS-RPZ and views:
> I configured view1 and view2. After configuring all rpz-zones in both
> views, I had errors like this (slave file in view2 is already in use
> from view1):
> config: error: /etc/named/named.conf:403: writeable file
> 'slave/malware.rpz.spamhaus.org': already in use: /etc/named/named.conf:259

In newer versions of BIND, you cannot share a writable file in different
views. This is a bad configurtion, and newer versions of BIND reject it.
Just use different file names.

Regards,
Anand
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

BIND-RPZ and Views

[Tom]

Hi

Using BIND 9.10.4-P2: I've a question about configuring DNS-RPZ and views:
I configured view1 and view2. After configuring all rpz-zones in both 
views, I had errors like this (slave file in view2 is already in use 
from view1):
config: error: /etc/named/named.conf:403: writeable file 
'slave/malware.rpz.spamhaus.org': already in use: /etc/named/named.conf:259


Is there a way to support RPZ in views? I want to achieve that 
Customer01 (view01) should have different RPZ-options than Customer02 
(view02) using the same RPZ-Files.


Thank you.
Kind regards,
Tom
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Bind, rpz and views

[Job]

Hello Bind ML,

i am trying to setup some blacklists foqr some users.

I have a file for every blacklist, example: blacaklistA blacklistB blacklistC.

I have to assign different combination of A B C to users.

I created dns bind view that, by matching source ip client, provide different 
answer according to match-clients.

The problems is that, when scaling this configuration, bind requests lots of 
memory because, if the blacklistA file is requested from 100 different users in 
100 different view, it loads 100 times the file!

Is there a way to reuse that same file without loading it, in memory, n times?

Thank you!

Francesco
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Bind, rpz and views

[Job]

Hello Bind ML,

i am trying to setup some blacklists foqr some users.

I have a file for every blacklist, example: blacaklistA blacklistB blacklistC.

I have to assign different combination of A B C to users.

I created dns bind view that, by matching source ip client, provide different 
answer according to match-clients.

The problems is that, when scaling this configuration, bind requests lots of 
memory because, if the blacklistA file is requested from 100 different users in 
100 different view, it loads 100 times the file!

Is there a way to reuse that same file without loading it, in memory, n times?

Thank you!

Francesco
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users