Resolve DNS Queries Based on Source IPs in BIND (NEED ADVISE)
Tony Finch
dot at dotat.at
Tue Nov 19 12:17:28 UTC 2019
Md. abdullah Al naser via bind-users <bind-users at lists.isc.org> wrote:
> But I want to do like this, the dns queries from 192.168.10.0/24 blocks
> will be matched with RPZ zone and other requests from rest of IPs will
> bypass the RPZ configuration and will match my general "allow-query
> {any;}" statement mentioned in named.conf file.
The way I would do this is with views, e.g.
view main {
match-clients {
192.168.10.0/24;
};
response-policy {
zone "rpz";
};
zone rpz {
# as usual
};
# rest of view config
};
view clear {
# shared cache is more efficient
attach-cache main;
# rest of view config
};
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Lands End to St Davids Head including the Bristol Channel: Southerly or
southeasterly 5 to 7, but 3 or 4 at first in the Bristol Channel, then perhaps
gale 8 later in west. Smooth or slight at times in Bristol Channel, otherwise
moderate or rough, occasionally very rough in west. Occasional rain mainly in
west. Moderate or good, occasionally poor mainly in west.
More information about the bind-users
mailing list