Authority and forwarding, but not recursion/iteration
bind-users at lists.roth.lu
Tue Mar 16 22:51:46 UTC 2021
On 3/13/2021 12:11 AM, Tony Finch wrote:
> Marki <bind-users at lists.roth.lu> wrote:
>> But if you need granular filtering, that could become a lot of views...
> Yes, I think RPZ is really designed to be a ban hammer for dealing with
> abuse, rather than a general-purpose access control mechanism. If you need
> to get really fancy then you should look at dnsdist which can be
> programmed in Lua.
Just posting this to give everyone my conclusions and how this turned out.
Standard DNS server software (not only Bind) does not provide for easy
whitelist filtering, only blacklists seem to be "en vogue". Like
trusting nearly everyone, except, oh well, what did they teach in
security class? Never mind, we're currently rolling out dnsdist.
@Tony Your feedback has been very to the point, knowledgeable and
fruitful. If you've got an Amazon wishlist (almost wrote whitelist lol)
let me know :D
More information about the bind-users