different answers for different users - are views my only option?

Warren Kumari warren at kumari.net
Thu Jun 11 14:19:41 UTC 2015

On Thu, Jun 11, 2015 at 10:11 AM, Tony Finch <dot at dotat.at> wrote:
> McDonald, Dan <Dan.McDonald at austinenergy.com> wrote:
>> Is there a way to use RPZ to return different answers depending on the
>> ip address of the querying box?
> Yes in 9.10 but not in 9.9. However I think rpz-client-ip triggers rewrite
> all queries from matching clients, so it probably isn't what you want.
> (To be honest, I think hosts files sound like a plausible solution to your
> problem!)

You (Dan, not Tony!) said: "application servers buried deep behind a
few layers of reverse proxies and load balancers" - if your DNS
servers are *also* behind this sort of thing you may be able to use
the load-balancers (or policy routing) to route internal folk to
different name-servers, which have different answers.

I'm not sure *why* you would do this instead of views / rpz, but,
well, you could...

"All problems in computer science can be solved by another level of
indirection, except of course for the problem of too many
indirections." -- David Wheeler


> Tony.
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.

