[RPZ] R: Bind, rpz and views

Job Job at colliniconsulting.it
Mon Dec 19 11:36:04 UTC 2011


Hi Vernon!

Thank you for the reply, but it is a problem to make predetermined combinations of blacklists; another issue is that every user needs an rpz personal-blacklist file, so the view must be owned only by one user.

I have been working with Bind-Flz for some days; it seems stable and robust... let's hope! :)

Francesco

________________________________________
From: Vernon Schryver [vjs at rhyolite.com]
Sent: Friday, 16 December 2011 20:01
To: dnsrpz-interest at lists.isc.org; Job
Subject: Re: [RPZ] Bind, rpz and views

> From: Job <Job at colliniconsulting.it>
> To: "dnsrpz-interest at lists.isc.org" <dnsrpz-interest at lists.isc.org>

> I am trying to set up some blacklists for some users.
>
> I have a file for every blacklist, example: blacklistA blacklistB blacklistC.
>
> I have to assign different combinations of A B C to users.
>
> I created DNS BIND views that, by matching the source IP of the client,
> provide different answers according to match-clients.
>
> The problem is that, when scaling this configuration, BIND
> requests lots of memory because, if the blacklistA file is requested
> from 100 different users in 100 different views, it loads the file
> 100 times!
>
> Is there a way to reuse that same file without loading it, in
> memory, "n" times?

In the BIND9 implementation, response policy zones are much the same
as any other zone in a view.  That implies that BIND9 policy zones
have the general strengths and weaknesses of BIND9 views and zones
for providing DNS services for large numbers of customers.


Would it be possible to assign each of the 100 customers to one of 8
views corresponding to the 8 possible combinations of the 3 blacklists?


Vernon Schryver    vjs at rhyolite.com
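
The grouping suggested above, as an added example that is not part of either message and not code from BIND: it collapses per-client blacklist assignments into one view per distinct combination and emits a named.conf fragment, so each blacklist is loaded once per view that uses it rather than once per customer. The client addresses, the `rpz-` view names and the use of each file name as its zone name are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data: client IP -> blacklists assigned to that user.
ASSIGNMENTS = {
    "192.0.2.10": {"blacklistA"},
    "192.0.2.11": {"blacklistA", "blacklistB"},
    "192.0.2.12": {"blacklistB", "blacklistA"},
    "192.0.2.13": set(),
    "192.0.2.14": {"blacklistC", "blacklistA"},
}

def group_by_combination(assignments):
    """Map each distinct blacklist combination to the clients that use it."""
    groups = defaultdict(list)
    for client, lists in assignments.items():
        groups[tuple(sorted(lists))].append(client)
    return {combo: sorted(clients) for combo, clients in sorted(groups.items())}

def view_name(combo):
    # Hypothetical naming scheme: "rpz-A-B", or "rpz-none" for no blacklists.
    return "rpz-" + ("-".join(z.replace("blacklist", "") for z in combo) or "none")

def render_view(combo, clients):
    """Render one BIND view serving every client that shares this combination."""
    lines = [f'view "{view_name(combo)}" {{']
    lines.append("    match-clients { " + " ".join(c + ";" for c in clients) + " };")
    if combo:
        policy = " ".join(f'zone "{z}";' for z in combo)
        lines.append(f"    response-policy {{ {policy} }};")
    for z in combo:
        # Assumption: the zone name equals the blacklist file name.
        lines.append(f'    zone "{z}" {{ type master; file "{z}"; }};')
    lines.append("};")
    return "\n".join(lines)

def render_config(assignments):
    groups = group_by_combination(assignments)
    return "\n\n".join(render_view(c, cl) for c, cl in groups.items())

def zone_copies(assignments):
    """Count how many views (in-memory copies) load each blacklist zone."""
    copies = defaultdict(int)
    for combo in group_by_combination(assignments):
        for z in combo:
            copies[z] += 1
    return dict(copies)

if __name__ == "__main__":
    print(render_config(ASSIGNMENTS))
    print(zone_copies(ASSIGNMENTS))
```

With three blacklists there are at most 8 views, so any one blacklist is held in memory at most 4 times no matter how many clients are assigned to it.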

