Experiences with RPZ in multiple views
Bob Harold
rharolde at umich.edu
Tue Jul 11 13:06:22 UTC 2017
On Tue, Jul 4, 2017 at 4:10 AM, Matthias Seitz <matthias.seitz at switch.ch>
wrote:
> Hi,
>
> after a couple of test runs it looks like that multiple RPZs in multiple
> views works fine, example code snippet bellow (for better understanding)
>
> view "view1" {
> ...
>
> response-policy {
> RPZ Feed 1
> RPZ Feed 2
> RPZ Feed 3
> }; };
>
> view "view2" {
> ...
>
> response-policy {
> RPZ Feed 1
> RPZ Feed 4
> RPZ Feed 5
> }; };
>
> Locally the RPZ feeds needs different file name, that it will work. See
> also the bind-users post from Tom <tomtux007 at gmail.com> "BIND-RPZ
> and Views"
> Does anybody runs RPZ in multiple views in *productive environment* and
> do you have any feedback regarding stability, feedback if this runs
> smoothly and any other hints?
>
> Cheers,
> Matthias
>
We use RPZ in two views. In one view the RPZ zones are active (policy
given), and in the other view they are logging-only (policy disabled).
Departments opt-in to RPZ and we add their subnets to the first view. The
second view gives us logs and we can tell departments what would be
redirected if they opt-in.
--
Bob Harold
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20170711/7015131f/attachment.html>
More information about the bind-users
mailing list