<div dir="ltr">Hi Grant.<div>That doesn't work for zones that then get used in a `response-policy` block. In this case you *must* define a zone each time; so one (or up to 64) per view/instance of `response-policy`. Test it on your laptop/in a VM.</div><div>What this does mean is that (if you are using views) you *could* have a different set of RPZ rules (different zone/zone contents) per view, perhaps because certain domains are fine for one set of clients but not fine for others.</div><div><br></div><div>@Carlos to respond to your mail from yesterday:</div><div>The 64 zone limit applies to the `response-policy` block (see above). Here's the reference for that: <a href="https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-response-policy" target="_blank">https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-response-policy</a></div><div>Since there can be only one `r-p` globally (if you don't have user-defined views) or per view (if you do) it kinda amounts to the same thing, but I just wanted to clarify.</div><div><br></div><div>Regarding view selection, I don't know exactly how the code works or how efficient it is. But certainly I have seen some configs with a lot of views and they seem to function OK.</div><div>What sort of QPS are each of your servers handling?</div><div><br></div><div>Cheers, Greg</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, 25 Aug 2024 at 05:27, Grant Taylor via bind-users &lt;<a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 8/24/24 07:37, Carlos Horowicz via bind-users wrote:<br>
> 2. if RPZ records are held in memory, why would an RPZ zone need to be <br>
> stored n times if there are n orthogonal views ? That is, why the more <br>
> views the more memory needed. Maybe you meant the qpcache, to store <br>
> different answers, though I don't understand how that works.<br>
<br>
I believe that some newer versions of BIND can share zone information <br>
across multiple views. Check out the "in-view" statement that goes in a <br>
zone {...} clause.<br>
<br>
Link - Chapter 7 BIND zone clause<br>
- <a href="https://www.zytrax.com/books/dns/ch7/zone.html#in-view" rel="noreferrer" target="_blank">https://www.zytrax.com/books/dns/ch7/zone.html#in-view</a><br>
<br>
<br>
<br>
-- <br>
Grant. . . .<br>
</blockquote></div>
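The per-view layout described in the reply above, sketched as a named.conf fragment. This is an added example, not configuration from the thread: the view names, client ranges, zone names and file paths are constructed placeholders. Each view carries its own `response-policy` block and its own `zone` statement for every policy zone it references, which also lets the two client groups get different rule sets.

```conf
# Constructed example: all names, addresses and paths below are placeholders.

view "staff" {
    match-clients { 192.0.2.0/24; };
    recursion yes;

    # One response-policy block per view; it may list up to 64 zones.
    response-policy {
        zone "rpz.common.example";
        zone "rpz.staff.example";
    };

    # Every zone named in this view's response-policy is defined in this view.
    zone "rpz.common.example" {
        type primary;
        file "rpz/common.db";
        allow-query { none; };
    };
    zone "rpz.staff.example" {
        type primary;
        file "rpz/staff.db";
        allow-query { none; };
    };
};

view "guest" {
    match-clients { 198.51.100.0/24; };
    recursion yes;

    # A different rule set for a different group of clients.
    response-policy {
        zone "rpz.common.example";
        zone "rpz.guest.example";
    };

    # The shared policy zone is defined again here, with its own zone statement.
    zone "rpz.common.example" {
        type primary;
        file "rpz/common.db";
        allow-query { none; };
    };
    zone "rpz.guest.example" {
        type primary;
        file "rpz/guest.db";
        allow-query { none; };
    };
};
```

Running `named-checkconf` against the file before reloading catches a `response-policy` entry that names a zone missing from its view.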