<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">On 13/05/22 09:02, Grant Taylor via
bind-users wrote:<br>
</div>
<blockquote type="cite"
cite="mid:c06c97df-f76a-e5dc-ebb9-8b2288d8d290@spamtrap.tnetconsulting.net">On
5/12/22 2:41 PM, Nick Tait via bind-users wrote:
<br>
<blockquote type="cite">This sounds like exactly the sort of use
case for Response Policy Zones:
<br>
</blockquote>
<br>
How are you going to have RPZ return different addresses for
different clients? Are you suggesting use different RPZs with
different contents for different clients?
<br>
</blockquote>
<p>Yes, although now that I think through the details it turns out
to be much messier than I first thought, because there doesn't
seem to be a way to specify "not" in the RPZ...</p>
<p>Also I should point out that I'm assuming that a PASSTHRU result
in one RPZ will still result in subsequent RPZs being processed. I
haven't actually tested this, so it's possible I'm misunderstanding
the documentation?</p>
<p>Anyway, in the interests of following this all the way through,
let's assume you had 3 clients and you wanted them to each receive
a different answer to the query "<a class="moz-txt-link-abbreviated" href="http://www.example.com">www.example.com</a>":</p>
<p>Suppose their IP addresses are:</p>
<blockquote>A = 192.0.2.10<br>
B = 192.0.2.20<br>
C = 192.0.2.30<br>
</blockquote>
<p>Then, if I'm not mistaken, you could create 3 RPZ zones:</p>
<p>Zone file for "a.rpz.mylocaldomain.com" contains (in addition to
SOA, etc):</p>
<blockquote>; Don't overwrite the answer for queries received from
clients B &amp; C<br>
32.20.2.0.192.rpz-client-ip IN CNAME rpz-passthru.<br>
32.30.2.0.192.rpz-client-ip IN CNAME rpz-passthru.<br>
<br>
; Change the answer to the question <a class="moz-txt-link-abbreviated" href="http://www.example.com">www.example.com</a><br>
<a class="moz-txt-link-abbreviated" href="http://www.example.com">www.example.com</a> IN A 10.0.0.1<br>
</blockquote>
<p>Zone file for "b.rpz.mylocaldomain.com" contains (in addition to
SOA, etc):</p>
<blockquote>; Don't overwrite the answer for queries received from
clients A &amp; C<br>
32.10.2.0.192.rpz-client-ip IN CNAME rpz-passthru.<br>
32.30.2.0.192.rpz-client-ip IN CNAME rpz-passthru.<br>
<br>
; Change the answer to the question <a class="moz-txt-link-abbreviated" href="http://www.example.com">www.example.com</a><br>
<a class="moz-txt-link-abbreviated" href="http://www.example.com">www.example.com</a> IN A 10.0.0.2<br>
</blockquote>
<p>Zone file for "c.rpz.mylocaldomain.com" contains (in addition to
SOA, etc):</p>
<blockquote>; Don't overwrite the answer for queries received from
clients A &amp; B<br>
32.10.2.0.192.rpz-client-ip IN CNAME rpz-passthru.<br>
32.20.2.0.192.rpz-client-ip IN CNAME rpz-passthru.<br>
<br>
; Change the answer to the question <a class="moz-txt-link-abbreviated" href="http://www.example.com">www.example.com</a><br>
<a class="moz-txt-link-abbreviated" href="http://www.example.com">www.example.com</a> IN A 10.0.0.3<br>
</blockquote>
<p>And then configure BIND to use all three RPZs:</p>
<blockquote>
<p>response-policy {<br>
zone "a.rpz.mylocaldomain.com";<br>
zone "b.rpz.mylocaldomain.com";<br>
zone "c.rpz.mylocaldomain.com";<br>
};<br>
</p>
</blockquote>
<p>Scalability is obviously a challenge with this particular
solution! :-(<br>
</p>
<p>So on reflection, there are probably better solutions to the
problem that you are trying to solve. Although I don't personally
have experience with it, I wonder if "dnsmasq" might do what you
need?<br>
</p>
<p>Thanks,<br>
</p>
<p>Nick.<br>
</p>
</body>
</html>