Reuse RPZ zones between views
Jesus Cea
jcea at jcea.es
Wed Jun 12 16:38:39 UTC 2024
My RPZ zones are quite big, and I would like to be able to reuse them in
several views sharing the memory instead of independent data structures.
I thought that zone "in-view" would work, but it doesn't.
I am doing something like:
"""
view honeypot {
    match-clients { honeypot; };
    allow-recursion { honeypot; };
    zone "rpz" {
        type slave;
        [...];
    };
    response-policy {
        zone "rpz" policy disabled; //cname prueba.xx.xx;
    } break-dnssec yes;
};
view default {
    match-clients { any; };
    allow-recursion { any; };
    zone "rpz" { in-view "honeypot"; };
    response-policy {
        zone "rpz";
    } break-dnssec yes;
};
"""
Trying to activate that configuration produces an error:
"""
response-policy zone 'rpz' for view default is not a primary or secondary zone
"""
But "rpz" is secondary (slave) in "honeypot".
I would think this is a bug in bind? I am using version 9.18.25.
Any suggestions besides loading the "rpz" zone separately in each view?
That would explode my memory usage (I have quite a few views).
--
Jesús Cea Avión
jcea at jcea.es - https://www.jcea.es/
Twitter: @jcea
jabber / xmpp:jcea at jabber.org
"Things are not so easy"
"My name is Dump, Core Dump"
"Love is placing your happiness in the happiness of another" - Leibniz