What is the best way to disable RPZ for a few clients (without forcing
those clients to use different DNS server IPs)? I think I could
create a new view that has all the same zones and zone contents except
for the RPZ one. If I go this route, is it still required to set up
per-view IP aliases on
On 02/06/2014 06:27 AM, Chuck Anderson wrote:
I was kinda hoping that newer
versions of BIND could share zones (with identical zone contents)
between views without requiring the messy multiple IP alias setup.
You have always been able to do this with include files.
hth,
Doug
On Thu, Feb 06, 2014 at 09:50:26AM -0800, Doug Barton wrote:
On 02/06/2014 06:27 AM, Chuck Anderson wrote:
I was kinda hoping that newer
versions of BIND could share zones (with identical zone contents)
between views without requiring the messy multiple IP alias setup.
You have always been
On Thu, Feb 06, 2014 at 03:10:03PM -0500, Chuck Anderson wrote:
You have always been able to do this with include files.
I'm not sure how this helps. If you do this:
Then the global view sees updates to example.com quickly, as soon as
NOTIFY is sent by the master and the zone is
On Thu, 6 Feb 2014, Chuck Anderson wrote:
On Thu, Feb 06, 2014 at 09:50:26AM -0800, Doug Barton wrote:
On 02/06/2014 06:27 AM, Chuck Anderson wrote:
I was kinda hoping that newer
versions of BIND could share zones (with identical zone contents)
between views without requiring the messy
On Thu, Feb 06, 2014 at 02:49:03PM -0600, Jay Ford wrote:
I like the trick of having view A pull the zone from the real master
notify view B, while view B pulls the zone locally from view A, using TSIG
keys to indicate the other view for the notify transfer.
Adapting your config, using
On Thu, 6 Feb 2014, Chuck Anderson wrote:
Neat. Is there any problem with using the exact same zone file in
both views? I worry that one view might fight with the file from the
other view...
Oh yeah, sorry, I left that bit out. The slave files do need to be unique or
they will over-write
.
I'm not sure you quite understand what zones and views are. Why would
you not simply create a single zone per customer, and eliminate views
altogether?
Well, maybe I'm not, but how to create a zone per customer?
Example, customer1 wants to block access to facebook.com while
customer2 wants normal
there.
-Original Message-
From: bind-users-bounces+jlightner=water@lists.isc.org
[mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf
Of Alans
Sent: Monday, November 08, 2010 1:01 AM
To: bind-users@lists.isc.org
Subject: Re: no. of Views and Zones
On 11/08/2010 12:52 AM
Thanks Alan, I'll try to do more research and I really like to hear from
you or anyone else about better solutions if possible.
I think your best solution is to not try to play traffic cop with DNS.
If customers don't want their users to access XYZ, let THEM run a
proxy or firewall that
Lightner, Jeff wrote:
You would NOT use a single zone for this. Views are designed
specifically to control what is seen. However, that control is mainly
done by acl's specifying which networks access which views.
Or by server IP. You can use match-destinations with views to provide a
: bind-users@lists.isc.org
Subject: Re: no. of Views and Zones
Lightner, Jeff wrote:
You would NOT use a single zone for this. Views are designed
specifically to control what is seen. However, that control is mainly
done by acl's specifying which networks access which views.
Or by server IP
quite understand what zones and views are. Why would
you not simply create a single zone per customer, and eliminate views
altogether?
Doug
--
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go
Breadth of IT experience, and depth
I'm not sure you quite understand what zones and views are. Why would
you not simply create a single zone per customer, and eliminate views
altogether?
Are you suggesting a single zone with multiple domain names ?
I fail to see, how that should be a possible road to follow.
The idea, that I
and number of zones/view.
I'm not sure you quite understand what zones and views are. Why would
you not simply create a single zone per customer, and eliminate views
altogether?
Well, maybe I'm not, but how to create a zone per customer?
Example, customer1 wants to block access to facebook.com
didn't got exact answer for my questions, I was thinking if you
can tell what is your largest number of views and zones that you used so
far?
sizeof(zone data) * count(views) - memory required
If you have enough memory, you can support whatever you need. Again, I
think there's a better solution out
is your largest number of views and zones that you used so
far?
regards,
Alans
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
was thinking if you
can tell what is your largest number of views and zones that you used so
far?
sizeof(zone data) * count(views) - memory required
If you have enough memory, you can support whatever you need. Again, I
think there's a better solution out there than bunches of views.
AlanC
Hello Everyone,
Have 2 questions, is there any limitation (beside hardware) on number of
views? I mean creating a view/customer?
And is there any limitation for number of zones/view?
Thanks in advance.
Alans
___
bind-users mailing list
Alans,
Have 2 questions, is there any limitation (beside hardware) on number of
views? I mean creating a view/customer?
And is there any limitation for number of zones/view?
You cannot use views to group zones for customers.
I have recently on this list proposed an extension to the view
?
And is there any limitation for number of zones/view?
You cannot use views to group zones for customers.
I have recently on this list proposed an extension to the view concept to
be able to do
this, but nobody has commented on this proposal.
Views are primarily used for cases, when IP-adresses
On 10/31/2010 4:48 AM, Alans wrote:
Have 2 questions, is there any limitation (beside hardware) on number of
views? I mean creating a view/customer?
And is there any limitation for number of zones/view?
Instead of saying how many views can I get, I think you would be much
better off saying
Alan Clegg,
Can you perhaps explain your need to fragment the DNS namespace (which
was NOT supposed to be done)?
I cannot speak for Alans, but only for our own needs.
We run DNSes for a number of customers i.e. everybody in the whole world should
see the
same zone data. No different views of
On 10/31/2010 05:48 PM, Alan Clegg wrote:
On 10/31/2010 4:48 AM, Alans wrote:
Instead of saying how many views can I get, I think you would be much
better off saying why am I trying to implement more views.
I'm trying to implement something similar to OpenDNS in a smaller scale.
i.e. letting
24 matches
Mail list logo