Hi Oskar,
It seems you are asking the same question as the one in the thread
titled "RPZ based on destination".
I just replied there and you may find the answer helpful.
Best regards,
-- George
On 05/07/2022 17:46, Oskar Almlöv via Unbound-users wrote:
Hi,
I would like to somehow tag or assign clients to a view based on the
destination address of the client query.
If for example a client (10.10.0.1) queries the server (10.20.0.1) I
would like to match on the address 10.20.0.1.
The background is that I have multiple rpz zones (blocklists) and would
like the client to be able to choose which "blocklists" to apply to
their queries by configuring their resolver based on a list that I
provide. Client addresses are random and not under my control.
The list might look something like:
--------------------------------------------
block ads: 10.20.0.1
block trackers: 10.20.0.2
block ads & trackers: 10.20.0.3
--------------------------------------------
Using BIND I would define a view and match on the query destination IP
like this:
--------------------------------------------------
view block-ads {
    match-destinations { 10.20.0.1; };
    zone "adblock.rpz" {
        [ .. ]
    };
};
--------------------------------------------------
I've read through the documentation and have found the
access-control-{tag,view} statements but they only seem to operate on
the client source address. Is there an option like this that I've just
missed or is there a better way of achieving something similar to what
I'm describing using unbound? A workaround could be to create a
mapping between the destination IP and some random addresses and SNATing
incoming queries behind those random IPs in order to match on them. But
that sounds very hacky and not something I would like to do.
Thanks for reading.
--
//Oskar