Dynamic ACL
Grant Taylor
gtaylor at tnetconsulting.net
Fri Apr 10 02:37:04 UTC 2015
On 04/08/2015 07:06 AM, Ali Jawad wrote:
> I am running BIND 9.10 and I have looked through various options
> including DLZ and RPZ but I am still not sure if they can do what I need
> or if I need to look at something different. Here is my scenario and I
> would appreciate if you could advise me.
I'm not aware of any way to do this in BIND. (That doesn't mean that
there isn't, just that I don't know it.)
I would be tempted to have multiple BIND listeners and serve up the
different GEOs on each. Then I'd leverage something like IPTables to
dynamically alter which BIND listener traffic goes to based on the
source IP belonging to different IP sets.
The BIND config would be mostly static and the IPSets are in kernel and
can easily be updated via a script that users interface with. Obviously
you will want to save the lists to a file for persistence across reboots.
--
Grant. . . .
unix || die
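
An added example, not part of the original message: one way to script the setup described above, as a POSIX shell generator that turns a validated client list into input for `ipset restore` and emits the matching `iptables-restore` NAT rules. The set names (`geo_us`, `geo_eu`), the listener ports (5301, 5302) and the client list are assumptions constructed for illustration.

```shell
# Assumed layout: one BIND listener per GEO on its own local port (hypothetical names/ports).
GEO_PORTS="us:5301 eu:5302"

# Strict dotted-quad check, so user-supplied text never reaches ipset unvalidated.
valid_ipv4() {
  case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1; done
}

# Print the listener port for a GEO; fail for any GEO not in the allowlist.
port_for() {
  for pair in $GEO_PORTS; do
    [ "${pair%%:*}" = "$1" ] && { echo "${pair#*:}"; return 0; }
  done
  return 1
}

# stdin: "client-ip geo" lines (the persistent list). stdout: input for `ipset -exist restore`.
gen_ipset() {
  for pair in $GEO_PORTS; do echo "create geo_${pair%%:*} hash:ip family inet"; done
  while read -r ip geo; do
    case $ip in ''|'#'*) continue ;; esac
    if valid_ipv4 "$ip" && port_for "$geo" >/dev/null
    then echo "add geo_$geo $ip"
    else echo "rejected: $ip $geo" >&2
    fi
  done
}

# stdout: nat rules for `iptables-restore --noflush`, loaded once at boot.
gen_nat() {
  echo "*nat"
  for pair in $GEO_PORTS; do
    rule="--dport 53 -m set --match-set geo_${pair%%:*} src -j REDIRECT --to-ports ${pair#*:}"
    echo "-A PREROUTING -p udp $rule"; echo "-A PREROUTING -p tcp $rule"
  done
  echo "COMMIT"
}

# Constructed sample list: two valid entries, one bad address, one unknown GEO.
SAMPLE='192.0.2.10 us
198.51.100.7 eu
203.0.113.999 us
192.0.2.44 mars'
printf '%s\n' "$SAMPLE" | gen_ipset; gen_nat
```

Clients that are in no set match none of the rules and reach whatever listens on port 53 itself; the client list file doubles as the saved state to replay after a reboot.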