Fwd: Need feedback on RPZ service setup
larskulseng at gmail.com
Thu Jan 5 22:09:29 UTC 2017
On Thu, 5 Jan 2017 at 16:54, Tony Finch <dot at dotat.at> wrote:
> Lars Kulseng <larskulseng at gmail.com> wrote:
> > I wasn't aware that the ACL-clause could include TSIG-keys as well as
> > IP-addresses. So far I've been using the masters-clause to make the
> > list of servers and keys, but also using the server-clause. Perhaps the
> > server-clause is unnecessary, and I can simply refer to a defined key and
> > an IP-address in a masters-clause and use this as the ACL?
> OK, to make this a bit more specific (because I feel I was waving my hands
> too much above) I'd do something like the following
I quite like this setup. It's nice to have the ACL with just keys. Any
other thoughts on the naming of the zone? If I wanted to obfuscate the
name, I could use a reserved TLD like .test or .invalid. This would never
appear in the wild.
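
An added example, not part of the original thread and not the configuration Tony Finch posted: a minimal named.conf sketch of the arrangement discussed above, with a key-only ACL on the master and a masters list that pairs address and key on the secondary. The key name, zone name, file path and addresses are assumptions, and the secret is a placeholder.

```conf
# ---- Shared by both sides (assumed key name; placeholder secret) ----
key "rpz-xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";   # placeholder, generate with tsig-keygen
};

# ---- On the master: ACL made of keys only, no IP addresses ----
acl "rpz-clients" {
    key "rpz-xfer-key";
};

zone "rpz.invalid" {                       # assumed name under a reserved TLD
    type master;
    file "rpz.invalid.db";                 # assumed path
    allow-transfer { "rpz-clients"; };     # only holders of the key may transfer
    allow-query    { "rpz-clients"; };     # keeps the policy data private
};

# ---- On the secondary: masters list carries address and key together ----
masters "rpz-masters" {
    192.0.2.1 key "rpz-xfer-key";          # documentation address, assumed
};

options {
    response-policy { zone "rpz.invalid"; };
};

zone "rpz.invalid" {
    type slave;
    masters { "rpz-masters"; };            # key is taken from the masters list,
                                           # so no separate server clause is needed
                                           # for these transfers
    file "rpz.invalid.db";
    allow-query { none; };                 # policy zone is not served to clients
};
```

Running `named-checkconf` on each side after editing catches a key referenced before it is defined.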