Sharing zones between views to conserve memory

Jan Gutter jang at
Thu Jan 10 09:46:22 UTC 2013

On Thu, Jan 10, 2013 at 11:17 AM, Jan Gutter <jang at> wrote:
> Thanks for the suggestions!
> I'm currently investigating two options: the local view and forwarded
> zones, and I'm going to check out if I can write a fast DLZ lookup to
> share the RPZ zones between the views. Caching is not a big problem
> here, the "shared zones" should only change about once per month.

> However, it seems RPZ doesn't like "forward" type zones in the
> response-policy stanza. I have a nasty feeling I'm missing something
> obvious, though.

Hah, after a bit of source-code examination and googling, I found the
following paragraph:

3.2. Designated RPZs must be primary or secondary zones, since RPZs
   cannot be queried on the wire, only searched in the recursive server's
   own storage.  A "zone" statement must therefore be given for the RPZ,
   with all necessary "masters" clauses, each having all necessary "key"
   subclauses.  It is often a good idea to include "allow-query {none;};"
   in the zone statement to refuse ordinary, non-rewriting queries of the
   policy data.

quoted from

I guess I'm going to have to investigate the DLZ option then.
(Un)Fortunately, some other priority work has come up, so I'm just
adding more RAM for a stop-gap and will look at it again in a month or

Thanks again for all your feedback!

Jan Gutter

More information about the bind-users mailing list