Reuse RPZ zones between views
Jesus Cea
jcea at jcea.es
Wed Jun 12 21:11:59 UTC 2024
On 12/6/24 21:46, Mark Andrews wrote:
> Have you read the fine documentation on BIND where it is stated this is not (currently) possible?
>
> If you want to extend named to support this we would be happy to review a change request. It is complicated however which is why it has not been done.

Oh, a single line on page 257: "An in-view zone cannot be used as a
response policy zone.". Acked.

Ok.

I have checked the source code in librpz.h and dnsrps.c. Quite scary...

So, I have a question about what the best practices are to configure
different RPZs for different clients without paying the overhead of
loading the same RPZ multiple times. With 8 different RPZs, there are 256
combinations (views) and the memory overhead would be RPZx128!

I wonder about librpz and dnsrps. The source is quite difficult and
opaque, and I see no documentation anywhere besides a passing mention of
"dnsrps-enable" and "dnsrps-options". Any hint?

--
Jesús Cea Avión
jcea at jcea.es - https://www.jcea.es/
Twitter: @jcea
jabber / xmpp:jcea at jabber.org
"Things are not so easy"
"My name is Dump, Core Dump"
"Love is placing your happiness in the happiness of another" - Leibniz