Hammers and nails...
On Tue, 16 Mar 2021, Marki wrote:
On 3/13/2021 12:11 AM, Tony Finch wrote:
Marki wrote:
But if you need granular filtering, that could become a lot of views...
Yes, I think RPZ is really designed to be a ban hammer [...]
Standard DNS server software (not only Bind)
On 3/13/2021 12:11 AM, Tony Finch wrote:
Marki wrote:
But if you need granular filtering, that could become a lot of views...
Yes, I think RPZ is really designed to be a ban hammer for dealing with
abuse, rather than a general-purpose access control mechanism. If you need
to get really fancy
Marki wrote:
>
> But if you need granular filtering, that could become a lot of views...
Yes, I think RPZ is really designed to be a ban hammer for dealing with
abuse, rather than a general-purpose access control mechanism. If you need
to get really fancy then you should look at dnsdist which
On 3/9/2021 10:21 PM, Tony Finch wrote:
Marki wrote:
I'm not sure about the flexibility of RPZ; it doesn't seem that I can
have rules like "client 1.2.3.4 is allowed to look up example.com but
client 1.2.3.5 is not".
You can have multiple response-policy zones, which are matched in the
order
Marki wrote:
>
> Concerning static-stub: Using a (bogus) forwarder together with "forward
> first" (default) seems to work (Note: using "forward only" gives SERVFAIL).
> All outside requests get a SERVFAIL even with "forward first" but that's an
> esthetic problem.
Yes, SERVFAIL is ugly - I
On 3/9/2021 6:03 PM, Tony Finch wrote:
Marki wrote:
I am seeking a combination of either a combined configuration on one, or a
config of several different DNS servers together to achieve the following:
* Some clients should be able to resolve authoritative local zones as well as
some
Marki wrote:
>
> I am seeking a combination of either a combined configuration on one, or a
> config of several different DNS servers together to achieve the following:
>
> * Some clients should be able to resolve authoritative local zones as well as
> some forwarded zones.
>
> * Other clients
Where is it sending recursive queries if it owns the root?
On Sun, Mar 7, 2021 at 3:06 AM Marki wrote:
> I tried that. When you configure no global forwarders it's going to
> recurse because recursion needs to be enabled for the individual forwarded
> zones to work. You'd have to specify a fake
I tried that. When you configure no global forwarders it's going to recurse
because recursion needs to be enabled for the individual forwarded zones to
work. You'd have to specify a fake global forwarder which looks like a hack.
On March 7, 2021 10:09:49 AM GMT+01:00, Crist Clark wrote:
>Two
Two views. The view that does not do internet DNS claims authority for the
root and does not global forward. The entire DNS is just the zones defined
in the view, which can be authoritative or forwarded. The other view has
the global forward-only to upstream resolvers.
On Sat, Mar 6, 2021 at 3:34
I'm not sure:
> Some clients should be able to resolve authoritative local zones as
> well as some forwarded zones.
And only that. "forward only;" doesn't cut it, in case you mean the
global option. That would still forward everything else somewhere else.
The requirement is to _only_ resolve
forward only;
On Fri, Mar 5, 2021 at 5:19 PM Marki wrote:
> Hello,
>
> I am seeking a combination of either a combined configuration on one, or
> a config of several different DNS servers together to achieve the
> following:
> * Some clients should be able to resolve authoritative local zones
12 matches