views-based RPZ

G.W. Haywood bind at jubileegroup.co.uk
Sat Aug 24 14:42:55 UTC 2024


Hi there,

On Sat, 24 Aug 2024, Carlos Horowicz wrote:

> ...
> ... is there an algorithm in bind9 or out there that quickly maps a
> client IP address to a CIDR, e.g. something like a binary tree
> quicksearch? or a balanced red-black tree?

I don't know if this is going to help, but we use IP to CIDR lookups
routinely in our spam filtering.  MaxMind provides the raw data, which
we use for this and several other purposes.

There's a lot more in the raw data than just IP/CIDR relationships.
We do some processing on the raw data from MaxMind to populate tables
in the forms we want to have available.

Lookups using Postgres from a database server which runs on _very_
modest hardware take of the order of milliseconds.  I'll be happy to
give more details of the setup (on or off list) if it would be useful.
It isn't rocket science but I will be the first to admit that, although
a hardware implementation could probably cost under a hundred dollars,
it may sound rather like a sledgehammer to crack this particular nut.

I wondered to myself if there might be any mileage in using something
like Docker to provide per-client resolver instances instead of using
multiple BIND views.  I probably just need more sleep.

-- 

73,
Ged.
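
An added example, not part of the original message and not BIND's or the poster's code: the in-memory longest-prefix match the quoted question asks about, written as a binary trie rather than the Postgres lookup the reply describes. The prefixes are documentation ranges and the view names are hypothetical.

```python
import ipaddress

class CidrTrie:
    """Binary trie on address bits; lookup returns the longest matching prefix."""
    def __init__(self):
        # Node layout: [child_for_bit_0, child_for_bit_1, (network, label) or None].
        # One root per address family so IPv4 and IPv6 bits never mix.
        self._roots = {4: [None, None, None], 6: [None, None, None]}

    def insert(self, cidr, label):
        net = ipaddress.ip_network(cidr, strict=True)  # rejects stray host bits
        node = self._roots[net.version]
        bits, width = int(net.network_address), net.max_prefixlen
        for i in range(net.prefixlen):
            bit = (bits >> (width - 1 - i)) & 1
            if node[bit] is None:
                node[bit] = [None, None, None]
            node = node[bit]
        node[2] = (net, label)

    def lookup(self, address):
        addr = ipaddress.ip_address(address)
        node = self._roots[addr.version]
        bits, width = int(addr), addr.max_prefixlen
        best = node[2]  # a /0 entry, if any, is the fallback
        for i in range(width):
            node = node[(bits >> (width - 1 - i)) & 1]
            if node is None:
                break
            if node[2] is not None:
                best = node[2]  # deeper node means a more specific prefix
        return best

# Constructed sample table: documentation prefixes, hypothetical view names.
SAMPLE = [
    ("0.0.0.0/0", "default"),
    ("198.51.100.0/24", "customers"),
    ("198.51.100.128/25", "customers-strict"),
    ("2001:db8::/32", "v6-customers"),
]

def build(table):
    trie = CidrTrie()
    for cidr, label in table:
        trie.insert(cidr, label)
    return trie

def view_for(trie, client_ip):
    hit = trie.lookup(client_ip)
    return None if hit is None else (str(hit[0]), hit[1])
```

A lookup walks at most 32 bits for IPv4 or 128 for IPv6, independent of how many prefixes are loaded.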

