Reload only ACL

Bob Harold rharolde at umich.edu
Tue Apr 26 16:21:13 UTC 2016


On Tue, Apr 26, 2016 at 10:22 AM, Ali Jawad <alijawad1 at gmail.com> wrote:

> Hi Bob
> I did have a look at
> http://www.zytrax.com/books/dns/ch7/rpz.html#policy-client-ip-trigger ,
> and while in theory it can be used in a way similar to ACL, I can't see how
> it accommodates faster changes. Would you please elaborate?
>


You are correct, my mistake.  Looks like you can only block the client
completely, and not change just one answer for the client, so that will not
work for you.

-- 
Bob Harold



> On Tue, Apr 26, 2016 at 4:46 PM, Bob Harold <rharolde at umich.edu> wrote:
>
>>
>> On Mon, Apr 25, 2016 at 5:30 PM, Carl Byington <carl at byington.org> wrote:
>>
>>>
>>> On Mon, 2016-04-25 at 23:23 +0300, Ali Jawad wrote:
>>> > based on a user tool the users "hundreds in corporate environment" get
>>> > either public or private zone,
>>>
>>> Rather than the tool writing an ACL for bind, can the tool instead
>>> reconfigure the user's local workstation dns settings to point to one of
>>> two different (sets of) bind servers? One serves the public zone, one
>>> serves the private zone.
>>>
>>>
>>>
>> You might be able to use RPZ to give a list of users a different answer
>> for certain queries, and that can be dynamically updated quickly, if I
>> understand it correctly.  That might work better than ACLs and views for a
>> fast-changing list of users.
>>
>> --
>> Bob Harold
>>
>>
>>
>
>