Possible to condition a view based on the interface the query comes in on?

Thu Nov 18 22:21:10 UTC 2021

Look in to "match-destination" in a view, i.e.

acl abcd.anycast {
        10.10.10.1;     
};
view "abcd" {
        match-clients {
                any;
        };
        match-destinations {
                abcd.anycast;
        };
...
};

The response-policy definition (and associated zone) can go into a view, instead of global options.

Stuart

On 19/11/21, 7:40 am, "bind-users on behalf of Fred Morris" <bind-users-bounces at lists.isc.org on behalf of m3047 at m3047.net> wrote:

    [You don't often get email from m3047 at m3047.net. Learn why this is important at http://aka.ms/LearnAboutSenderIdentification.]

    Caution: This email is from an external sender. Please do not click links or open attachments unless you recognize the sender and know the content is safe. Forward suspicious emails to isitbad at .

    I wanted to provide enhanced recursive DNS to (internal) clients on an
    "opt in" basis, which is to say that clients could choose whether or not
    to receive enhanced replies based on what they configured as their local
    caching resolver. The enhanced services come in the form of a Response
    Policy Zone (RPZ).

    Didn't see any reason that it had to be separate instances of BIND,
    thought maybe I could do it with views, but I've run into a couple of
    roadblocks:

    1. listen-on isn't supported in views.
    2. internet wisdom augurs that response-policy isn't supported either.

    Is there a way to do this or should I bite the bullet and run two copies
    of BIND?

    Thanks in advance...

    --

    Fred Morris

    _______________________________________________
    Please visit https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fbind-users&data=04%7C01%7Cstuart%40registry.godaddy%7Cdad3a7b53cce4d00c11708d9aad39ccd%7Cd5f1622b14a345a6b069003f8dc4851f%7C0%7C0%7C637728648249954539%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Gjtq6vOlM%2BQIHcqfrVgJD%2Fzbjm3vLdF%2BKg74%2FtPQsuA%3D&reserved=0 to unsubscribe from this list

    ISC funds the development of this software with paid support subscriptions. Contact us at https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.isc.org%2Fcontact%2F&data=04%7C01%7Cstuart%40registry.godaddy%7Cdad3a7b53cce4d00c11708d9aad39ccd%7Cd5f1622b14a345a6b069003f8dc4851f%7C0%7C0%7C637728648249954539%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=xptHiGDaNrn7P99mhYJrI%2Fbw2nAf%2FH7%2FJCRFUvabkrc%3D&reserved=0 for more information.

    bind-users mailing list
    bind-users at lists.isc.org
    https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fbind-users&data=04%7C01%7Cstuart%40registry.godaddy%7Cdad3a7b53cce4d00c11708d9aad39ccd%7Cd5f1622b14a345a6b069003f8dc4851f%7C0%7C0%7C637728648249954539%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Gjtq6vOlM%2BQIHcqfrVgJD%2Fzbjm3vLdF%2BKg74%2FtPQsuA%3D&reserved=0