Disabling RPZ for a few clients / views sharing zones

2014-02-06 Thread Chuck Anderson
What is the best way to disable RPZ for a few clients (without forcing those clients to use different DNS server IPs)? I think I could create a new view that has all the same zones and zone contents except for the RPZ one. If I go this route, is it still required to set up per-view IP aliases on

Re: Disabling RPZ for a few clients / views sharing zones

2014-02-06 Thread Doug Barton
On 02/06/2014 06:27 AM, Chuck Anderson wrote: I was kinda hoping that newer versions of BIND could share zones (with identical zone contents) between views without requiring the messy multiple IP alias setup. You have always been able to do this with include files. hth, Doug

Re: Disabling RPZ for a few clients / views sharing zones

2014-02-06 Thread Chuck Anderson
On Thu, Feb 06, 2014 at 09:50:26AM -0800, Doug Barton wrote: On 02/06/2014 06:27 AM, Chuck Anderson wrote: I was kinda hoping that newer versions of BIND could share zones (with identical zone contents) between views without requiring the messy multiple IP alias setup. You have always been

Re: Disabling RPZ for a few clients / views sharing zones

2014-02-06 Thread Evan Hunt
On Thu, Feb 06, 2014 at 03:10:03PM -0500, Chuck Anderson wrote: You have always been able to do this with include files. I'm not sure how this helps. If you do this: Then the global view sees updates to example.com quickly, as soon as NOTIFY is sent by the master and the zone is

Re: Disabling RPZ for a few clients / views sharing zones

2014-02-06 Thread Jay Ford
On Thu, 6 Feb 2014, Chuck Anderson wrote: On Thu, Feb 06, 2014 at 09:50:26AM -0800, Doug Barton wrote: On 02/06/2014 06:27 AM, Chuck Anderson wrote: I was kinda hoping that newer versions of BIND could share zones (with identical zone contents) between views without requiring the messy

Re: Disabling RPZ for a few clients / views sharing zones

2014-02-06 Thread Chuck Anderson
On Thu, Feb 06, 2014 at 02:49:03PM -0600, Jay Ford wrote: I like the trick of having view A pull the zone from the real master notify view B, while view B pulls the zone locally from view A, using TSIG keys to indicate the other view for the notify transfer. Adapting your config, using

Re: Disabling RPZ for a few clients / views sharing zones

2014-02-06 Thread Jay Ford
On Thu, 6 Feb 2014, Chuck Anderson wrote: Neat. Is there any problem with using the exact same zone file in both views? I worry that one view might fight with the file from the other view... Oh yeah, sorry, I left that bit out. The slave files do need to be unique or they will over-write

Re: no. of Views and Zones

2010-11-10 Thread Kevin Darcy
. I'm not sure you quite understand what zones and views are. Why would you not simply create a single zone per customer, and eliminate views altogether? Well, maybe I'm not, but how to create a zone per customer? Example, customer1 wants to block access to facebook.com while customer2 wants normal

RE: no. of Views and Zones

2010-11-08 Thread Lightner, Jeff
there. -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Alans Sent: Monday, November 08, 2010 1:01 AM To: bind-users@lists.isc.org Subject: Re: no. of Views and Zones On 11/08/2010 12:52 AM

Re: no. of Views and Zones

2010-11-08 Thread Alan Clegg
Thanks Alan, I'll try to do more research and I really like to hear from you or anyone else about better solutions if possible. I think your best solution is to not try to play traffic cop with DNS. If customers don't want their users to access XYZ, let THEM run a proxy or firewall that

Re: no. of Views and Zones

2010-11-08 Thread Chris Buxton
Lightner, Jeff wrote: You would NOT use a single zone for this. Views are designed specifically to control what is seen. However, that control is mainly done by acl's specifying which networks access which views. Or by server IP. You can use match-destinations with views to provide a

RE: no. of Views and Zones

2010-11-08 Thread Lightner, Jeff
: bind-users@lists.isc.org Subject: Re: no. of Views and Zones Lightner, Jeff wrote: You would NOT use a single zone for this. Views are designed specifically to control what is seen. However, that control is mainly done by acl's specifying which networks access which views. Or by server IP

Re: no. of Views and Zones

2010-11-07 Thread Doug Barton
quite understand what zones and views are. Why would you not simply create a single zone per customer, and eliminate views altogether? Doug -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth

Re: no. of Views and Zones

2010-11-07 Thread J. Thomsen
I'm not sure you quite understand what zones and views are. Why would you not simply create a single zone per customer, and eliminate views altogether? Are you suggesting a single zone with multiple domain names ? I fail to see, how that should be a possible road to follow. The idea, that I

Re: no. of Views and Zones

2010-11-07 Thread Alans
and number of zones/view. I'm not sure you quite understand what zones and views are. Why would you not simply create a single zone per customer, and eliminate views altogether? Well, maybe I'm not, but how to create a zone per customer? Example, customer1 wants to block access to facebook.com

Re: no. of Views and Zones

2010-11-05 Thread Alans
didn't get an exact answer for my questions, I was thinking if you can tell what is your largest number of views and zones that you used so far? sizeof(zone data) * count(views) - memory required If you have enough memory, you can support whatever you need. Again, I think there's a better solution out

Re: no. of Views and Zones

2010-11-04 Thread Alans
is your largest number of views and zones that you used so far? regards, Alans

Re: no. of Views and Zones

2010-11-04 Thread Alan Clegg
was thinking if you can tell what is your largest number of views and zones that you used so far? sizeof(zone data) * count(views) - memory required If you have enough memory, you can support whatever you need. Again, I think there's a better solution out there than bunches of views. AlanC

no. of Views and Zones

2010-10-31 Thread Alans
Hello Everyone, Have 2 questions, is there any limitation (beside hardware) on number of views? I mean creating a view/customer? And is there any limitation for number of zones/view? Thanks in advance. Alans

Re: no. of Views and Zones

2010-10-31 Thread J. Thomsen
Alans, Have 2 questions, is there any limitation (beside hardware) on number of views? I mean creating a view/customer? And is there any limitation for number of zones/view? You cannot use views to group zones for customers. I have recently on this list proposed an extension to the view

Re: no. of Views and Zones

2010-10-31 Thread Bèrto ëd Sèra
? And is there any limitation for number of zones/view? You cannot use views to group zones for customers. I have recently on this list proposed an extension to the view concept to be able to do this, but nobody has commented on this proposal. Views are primarily used for cases, when IP-addresses

Re: no. of Views and Zones

2010-10-31 Thread Alan Clegg
On 10/31/2010 4:48 AM, Alans wrote: Have 2 questions, is there any limitation (beside hardware) on number of views? I mean creating a view/customer? And is there any limitation for number of zones/view? Instead of saying how many views can I get, I think you would be much better off saying

Re: no. of Views and Zones

2010-10-31 Thread J. Thomsen
Alan Clegg, Can you perhaps explain your need to fragment the DNS namespace (which was NOT supposed to be done)? I cannot speak for Alans, but only for our own needs. We run DNSes for a number of customers i.e. everybody in the whole world should see the same zone data. No different views of

Re: no. of Views and Zones

2010-10-31 Thread Alans
On 10/31/2010 05:48 PM, Alan Clegg wrote: On 10/31/2010 4:48 AM, Alans wrote: Instead of saying how many views can I get, I think you would be much better off saying why am I trying to implement more views. I'm trying to implement something similar to OpenDNS in a smaller scale. i.e. letting