Possible to condition a view based on the interface the query comes in on?
Tony Finch
dot at dotat.at
Thu Nov 18 22:14:27 UTC 2021
Fred Morris <m3047 at m3047.net> wrote:
>
> Didn't see any reason that it had to be separate instances of BIND,
> thought maybe I could do it with views, but I've run into a couple of
> roadblocks:
>
> 1. listen-on isn't supported in views.
Right, listen-on is for the server as a whole.
To control which view is used to answer a query based on the server
address, use the `match-destinations` option. For details see
https://bind9.readthedocs.io/en/v9_16_23/reference.html#view-statement-grammar
> 2. internet wisdom augurs that response-policy isn't supported either.
Don't believe everything you read on the internet :-)
Yes, you can have different RPZ configurations in different views.
Another trick that's useful for the kind of setup you are planning is to
use the `attach-cache` option so that your views can share the same cache.
This improves performance and reduces memory usage. It still works with
differing RPZ policies because RPZ only affects the responses sent to
clients; RPZ doesn't change how recursion works or what records are saved
in the cache.
Tony.
--
f.anthony.n.finch <dot at dotat.at> https://dotat.at/
Fair Isle, Faeroes: Westerly or southwesterly 7 to severe gale 9,
occasionally storm 10 for a time in Faeroes, decreasing 5 to 7 later.
Rough or very rough, becoming high for a time. Occasional rain.
Moderate, occasionally poor.
More information about the bind-users
mailing list