Reload only ACL
Ali Jawad
alijawad1 at gmail.com
Tue Apr 26 14:22:20 UTC 2016
Hi Bob
I did have a look at
http://www.zytrax.com/books/dns/ch7/rpz.html#policy-client-ip-trigger , and
while in theory it can be used in a way similar to ACL I cant see how it
accommodates for faster changes, would you please elaborate ?
On Tue, Apr 26, 2016 at 4:46 PM, Bob Harold <rharolde at umich.edu> wrote:
>
> On Mon, Apr 25, 2016 at 5:30 PM, Carl Byington <carl at byington.org> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA512
>>
>> On Mon, 2016-04-25 at 23:23 +0300, Ali Jawad wrote:
>> > based on a user tool the users "hundreds in corporate environment" get
>> > either public or private zone,
>>
>> Rather than the tool writing an ACL for bind, can the tool instead
>> reconfigure the user's local workstation dns settings to point to one of
>> two different (sets of) bind servers? One serves the public zone, one
>> serves the private zone.
>>
>>
>>
> You might be able to use RPZ to give a list of users a different answer
> for certain queries, and that can be dynamically updated quickly, if I
> understand it correctly. That might work better than ACLs and views for a
> fast-changing list of users.
>
> --
> Bob Harold
>
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20160426/ee45b77a/attachment.html>
More information about the bind-users
mailing list