views-based RPZ
Petr Špaček
pspacek at isc.org
Mon Aug 26 08:20:43 UTC 2024
On 25. 08. 24 9:20, Greg Choules via bind-users wrote:
> Regarding view selection, I don't know exactly how the code works or how
> efficient it is. But certainly I have seen some configs with a lot of
> views and they seem to function OK.
Views are matched one by one; you can have a look at the function
get_matching_view() in the file bin/named/server.c.
Having said that, the matching can be fast enough or not depending on
the configuration. Typically it's better to do a test in a lab than to theorize.
Petr Špaček
Internet Systems Consortium
> What sort of QPS are each of your servers handling?
>
> Cheers, Greg
>
> On Sun, 25 Aug 2024 at 05:27, Grant Taylor via bind-users
> <bind-users at lists.isc.org> wrote:
>
> On 8/24/24 07:37, Carlos Horowicz via bind-users wrote:
> > 2. If RPZ records are held in memory, why would an RPZ zone need to be
> > stored n times if there are n orthogonal views? That is, why the more
> > views the more memory needed. Maybe you meant the qpcache, to store
> > different answers, though I don't understand how that works.
>
> I believe that some newer versions of BIND can share zone information
> across multiple views. Check out the "in-view" statement that goes in a
> zone {...} clause.
>
> Link - Chapter 7 BIND zone clause
> - https://www.zytrax.com/books/dns/ch7/zone.html#in-view