Fwd: Need feedback on RPZ service setup

Lars Kulseng larskulseng at gmail.com
Thu Jan 5 22:09:29 UTC 2017


On Thu, 5 Jan 2017 at 16:54, Tony Finch <dot at dotat.at> wrote:

> Lars Kulseng <larskulseng at gmail.com> wrote:
> >
> > I wasn't aware that the ACL-clause could include TSIG-keys as well as
> > IP-addresses. So far I've been using the masters-clause to make the actual
> > list of servers and keys, but also using the server-clause. Perhaps the
> > server-clause is unnecessary, and I can simply refer to a defined key and
> > an IP-address in a masters-clause and use this as the ACL?
>
>
> OK, to make this a bit more specific (because I feel I was waving my hands
> too much above) I'd do something like the following
>
>
>
I quite like this setup. It's nice to have the ACL with just keys. Any
other thoughts on the naming of the zone? If I wanted to obfuscate the
name, I could use a reserved TLD like .test or .invalid. This would never
appear in the wild.
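
An added illustration of the arrangement discussed in this thread (a key-only ACL on the serving side, a masters list carrying address plus key on the receiving side, and an RPZ zone named under .invalid). It is not the configuration from the quoted message or from either poster; the key name, ACL and masters names, zone name, file paths, the address 192.0.2.53 and the secret are all placeholders.

```conf
# ---- Part 1: named.conf on the server that publishes the RPZ zone ----
# (assumed layout; every name below is a placeholder)

key "rpz-subscriber-a" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-GENERATED-SECRET";   # placeholder, not a real key
};

# ACL made of keys only: a transfer is allowed when the request is
# signed with a listed key, whatever source address it comes from.
acl "rpz-subscribers" {
    key "rpz-subscriber-a";
};

zone "rpz.example.invalid" {
    type master;
    file "master/rpz.example.invalid.db";
    allow-transfer { "rpz-subscribers"; };
};

# ---- Part 2: named.conf on a resolver that subscribes to the zone ----
# (a separate server; the two parts do not belong in one file)

key "rpz-subscriber-a" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-GENERATED-SECRET";   # same placeholder secret
};

# The masters list pairs the address with the key, so transfer requests
# to 192.0.2.53 are TSIG-signed; no separate server clause is used here.
masters "rpz-provider" {
    192.0.2.53 key "rpz-subscriber-a";
};

options {
    response-policy { zone "rpz.example.invalid"; };
};

zone "rpz.example.invalid" {
    type slave;
    masters { "rpz-provider"; };
    file "slaves/rpz.example.invalid.db";
    allow-query { localhost; };   # keep the policy contents private
};
```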