[RPZ] Bind, rpz and views

Vernon Schryver vjs at rhyolite.com
Fri Dec 16 19:01:37 UTC 2011

> From: Job <Job at colliniconsulting.it>
> To: "dnsrpz-interest at lists.isc.org" <dnsrpz-interest at lists.isc.org>

> I am trying to set up some blacklists for some users.
> I have a file for every blacklist, for example: blacklistA blacklistB blacklistC.
> I have to assign different combinations of A B C to users.
> I created DNS BIND views that, by matching the client source IP, provide
> different answers according to match-clients.
> The problem is that, when scaling this configuration, BIND
> requests lots of memory because, if the blacklistA file is requested
> by 100 different users in 100 different views, it loads the file
> 100 times!
> Is there a way to reuse that same file without loading it, in
> memory, "n" times?

In the BIND9 implementation, response policy zones are much the same
as any other zone in a view.  That implies that BIND9 policy zones
have the general strengths and weaknesses of BIND9 views and zones
for providing DNS services for large numbers of customers.

Would it be possible to assign each of the 100 customers to one of 8
views corresponding to the 8 possible combinations of the 3 blacklists?

Vernon Schryver    vjs at rhyolite.com
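
The layout suggested in the reply, one view per blacklist combination rather than one per customer, sketched as an added example that is not part of the original message or of BIND itself. The client addresses, the `rpz-` view names and the use of each file name as its zone name are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data: client address -> blacklists that client subscribes to.
CLIENTS = {
    "192.0.2.10": {"blacklistA"},
    "192.0.2.11": {"blacklistA", "blacklistC"},
    "192.0.2.12": {"blacklistC", "blacklistA"},
    "192.0.2.13": set(),
    "198.51.100.0/24": {"blacklistA", "blacklistB", "blacklistC"},
}

def group_by_combination(clients):
    """Map each distinct blacklist combination to the clients that use it."""
    groups = defaultdict(list)
    for addr, lists in clients.items():
        groups[tuple(sorted(lists))].append(addr)
    return dict(groups)

def view_name(combo):
    # Hypothetical naming scheme: rpz-<lists joined by '-'>, or rpz-none.
    return "rpz-" + ("-".join(combo) if combo else "none")

def render_view(combo, addrs):
    """Emit one named.conf view holding every client that shares this combination."""
    acl = " ".join(f"{a};" for a in sorted(addrs))
    lines = [f'view "{view_name(combo)}" {{', f"    match-clients {{ {acl} }};"]
    if combo:  # a view with no blacklists gets no response-policy statement
        zones = " ".join(f'zone "{z}";' for z in combo)
        lines.append(f"    response-policy {{ {zones} }};")
    for z in combo:
        lines.append(f'    zone "{z}" {{ type master; file "{z}"; }};')
    lines.append("};")
    return "\n".join(lines)

def render_config(clients):
    groups = group_by_combination(clients)
    return "\n\n".join(render_view(c, groups[c]) for c in sorted(groups))

def zone_loads(clients):
    """Count how many views load each blacklist file (one copy per view)."""
    loads = defaultdict(int)
    for combo in group_by_combination(clients):
        for z in combo:
            loads[z] += 1
    return dict(loads)

if __name__ == "__main__":
    print(render_config(CLIENTS))
    print(zone_loads(CLIENTS))
```

With three lists, each file is loaded at most four times (once per combination that includes it), however many clients there are, and combinations nobody uses produce no view.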
