Hi,

I would like to somehow tag or assign clients to a view based on the destination address of the client query. If, for example, a client (10.10.0.1) queries the server (10.20.0.1), I would like to match on the address 10.20.0.1.

The background is that I have multiple rpz zones (blocklists) and would like the client to be able to choose which "blocklists" to apply to their queries by configuring their resolver based on a list that I provide. Client addresses are random and not under my control.
The list might look something like:
--------------------------------------------
block ads: 10.20.0.1
block trackers: 10.20.0.2
block ads & trackers: 10.20.0.3
--------------------------------------------

Using BIND I would define a view and match on the query destination IP like this:
--------------------------------------------------
view block-ads {
  match-destinations { 10.20.0.1; };
  zone "adblock.rpz" {
    [ .. ]
  };
};
--------------------------------------------------

I've read through the documentation and have found the access-control-{tag,view} statements, but they only seem to operate on the client source address. Is there an option like this that I've just missed, or is there a better way of achieving something similar to what I'm describing using unbound?

A workaround could be to create a mapping between the destination IP and some random addresses and SNAT incoming queries behind those random IPs in order to match on them. But that sounds very hacky and not something I would like to do.

Thanks for reading.

--
//Oskar

Attachment: OpenPGP_0xE80ABA566810FD7C.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature
Description: OpenPGP digital signature
