Using bind and ad blocking
oliver at schinagl.nl
Fri Feb 5 23:11:00 UTC 2016
On 05-02-16 22:25, Olliver Schinagl wrote:
> Hey Grant,
> On 30-01-16 03:39, Grant Taylor wrote:
>> On 01/23/2016 01:47 PM, Olliver Schinagl wrote:
>>> recently I updated to bind-9.10 and noticed that an illegal setup was
>>> finally disallowed. Good things, but I (and others I'm sure) kind of
>>> miss-used this ability. With the change however, I am now looking for
>>> help on restoring similar behavior. Let me explain.
>> I'm doing something similar with static zones on recent versions of
>> What specific error(s) are you getting?
> I have configured my ad zone as a 'regular' set of zones all pointing
> to the same 'null' zone and the only problem I really have is that the
> newer binds no longer allows you to to do that, point to the same null
> zone as it is technically a writable zone.
Ok I have figured out how to use RPZ but did run into one annoyance. I
use views, an internal and an external view and must put the rpz zone
into one of the views (bind complains that when using views, everything
has to be in views). But the RPZ option fails because not all views have
the RPZ zone.
I fixed it by creating a symlink to the actual rpz zone and duplicate
the rpz zone definition in my named.conf. Luckily bind does not complain
about duplicate writes to the same file here (it did when i did point it
to the same file rather then the symlink).
A cleaner solution of course would have been without the symlink or
double entries, but this is very manageable.
To bad this wasn't mentioned at
because it was a very usefull howto otherwise :)
>> I would also suggest you take a look at Response Policy Zone, as I
>> think it would be more efficient (less memory and faster) than loading
>> potentially thousands of zones almost empty zones.
> I have not heard of RPZ's before, but I'm looking into it as it may be
> just what I need.
>> As a bonus, you could dynamically add / update / remove records from
>> the RPZ zone without needing to restart Bind.
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
> bind-users mailing list
> bind-users at lists.isc.org
More information about the bind-users