Reload only ACL
rharolde at umich.edu
Tue Apr 26 16:21:13 UTC 2016
On Tue, Apr 26, 2016 at 10:22 AM, Ali Jawad <alijawad1 at gmail.com> wrote:
> Hi Bob
> I did have a look at
> http://www.zytrax.com/books/dns/ch7/rpz.html#policy-client-ip-trigger,
> and while in theory it can be used in a way similar to ACL I can't see how
> it accommodates for faster changes, would you please elaborate?
You are correct, my mistake. Looks like you can only block the client
completely, and not change just one answer for the client, so that will not
work for you.
> On Tue, Apr 26, 2016 at 4:46 PM, Bob Harold <rharolde at umich.edu> wrote:
>> On Mon, Apr 25, 2016 at 5:30 PM, Carl Byington <carl at byington.org> wrote:
>>> On Mon, 2016-04-25 at 23:23 +0300, Ali Jawad wrote:
>>> > based on a user tool the users "hundreds in corporate environment" get
>>> > either public or private zone,
>>> Rather than the tool writing an ACL for bind, can the tool instead
>>> reconfigure the user's local workstation dns settings to point to one of
>>> two different (sets of) bind servers? One serves the public zone, one
>>> serves the private zone.
>> You might be able to use RPZ to give a list of users a different answer
>> for certain queries, and that can be dynamically updated quickly, if I
>> understand it correctly. That might work better than ACLs and views for a
>> fast-changing list of users.
>> Bob Harold