Dynamic ACL

Grant Taylor gtaylor at tnetconsulting.net
Fri Apr 10 02:37:04 UTC 2015


On 04/08/2015 07:06 AM, Ali Jawad wrote:
> I am running BIND 9.10 and I have looked through various options
> including DLZ and RPZ but I am still not sure if they can do what I need
> or if I need to look at something different. Here is my scenario and I
> would appreciate it if you could advise me.

I'm not aware of any way to do this in BIND.  (That doesn't mean that 
there isn't, just that I don't know it.)

I would be tempted to have multiple BIND listeners and serve up the 
different GEOs on each.  Then I'd leverage something like IPTables to 
dynamically alter which BIND listener traffic goes to based on the 
source IP belonging to different IP sets.

The BIND config would be mostly static and the IPSets are in kernel and 
can easily be updated via a script that users interface with.  Obviously 
you will want to save the lists to a file for persistence across reboots.



-- 
Grant. . . .
unix || die
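A worked version of the layout Grant sketches above (added here as an example; it is not code from the thread or from the BIND project). It assumes three BIND instances on the same host: the default one on port 53, an EU instance listening on port 5301 and a US instance on port 5302 (each configured with its own `listen-on port N { ... };`); the set names `geo_eu` / `geo_us`, the sample networks and the state file path are made up for the example. Source addresses that belong to a set are redirected in `nat/PREROUTING` to the matching listener; everything else falls through to port 53. `DRY_RUN=1` (the default) prints the plan instead of touching the kernel.

```shell
#!/bin/sh
# Added example (not from the thread): steer DNS queries to per-GEO BIND
# listeners with ipset + iptables. Hypothetical layout: BIND on 53 (default
# answers), 5301 (EU answers), 5302 (US answers); set names and the state
# file path are constructed for this example.
set -eu

DRY_RUN="${DRY_RUN:-1}"                                # 1 = print plan, 0 = execute (needs root)
STATE_FILE="${STATE_FILE:-/etc/ipset.d/dns-geo.ipset}" # hypothetical path

# Print a command line in dry-run mode, otherwise execute it. Every token we
# generate is a plain word (no spaces, no globs), so unquoted $1 splits safely.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$1"; else $1; fi
}

# Kernel-side set of source networks for one GEO. -exist makes it idempotent.
create_set() {                          # $1 = set name
  printf 'ipset -exist create %s hash:net family inet\n' "$1"
}

# What the user-facing script calls: add or remove a network from a GEO set.
# Membership changes take effect immediately; BIND is never reloaded.
add_member() {                          # $1 = set name, $2 = CIDR
  printf 'ipset -exist add %s %s\n' "$1" "$2"
}
del_member() {                          # $1 = set name, $2 = CIDR
  printf 'ipset -exist del %s %s\n' "$1" "$2"
}

# nat/PREROUTING rule: a query to port 53 whose source is in the set is
# redirected on this host to the GEO-specific listener port.
redirect_rule() {                       # $1 = set name, $2 = port, $3 = udp|tcp
  printf 'iptables -t nat -A PREROUTING -p %s --dport 53 -m set --match-set %s src -j REDIRECT --to-ports %s\n' \
    "$3" "$1" "$2"
}

# Create the set and steer both UDP and TCP DNS: truncated answers retry over
# TCP, so redirecting UDP alone would give mixed results.
route_geo() {                           # $1 = set name, $2 = listener port
  run "$(create_set "$1")"
  run "$(redirect_rule "$1" "$2" udp)"
  run "$(redirect_rule "$1" "$2" tcp)"
}

# Sets live only in the kernel, so dump them to a file after every change...
persist_sets() {
  if [ "$DRY_RUN" = "1" ]; then
    printf 'ipset save > %s\n' "$STATE_FILE"
  else
    ipset save > "$STATE_FILE"
  fi
}

# ...and restore them at boot BEFORE the iptables rules are loaded: a rule
# with --match-set refuses to load while the set does not exist.
restore_sets() {
  if [ "$DRY_RUN" = "1" ]; then
    printf 'ipset -exist restore < %s\n' "$STATE_FILE"
  else
    ipset -exist restore < "$STATE_FILE"
  fi
}

main() {
  route_geo geo_eu 5301
  route_geo geo_us 5302
  run "$(add_member geo_eu 198.51.100.0/24)"   # constructed sample networks (RFC 5737 ranges)
  run "$(add_member geo_us 203.0.113.0/24)"
  persist_sets
}

main
```

Two things to keep in mind when running this for real: `-A` appends, so re-running the script without flushing the `nat` table (or checking with `iptables -t nat -C` first) leaves duplicate rules; and `PREROUTING` only sees traffic arriving from other hosts, so queries originating on the resolver itself are not steered.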
