Disabling RPZ for a few clients / views sharing zones
Evan Hunt
each at isc.org
Thu Feb 6 20:36:54 UTC 2014
On Thu, Feb 06, 2014 at 03:10:03PM -0500, Chuck Anderson wrote:
> > You have always been able to do this with include files.
>
> I'm not sure how this helps. If you do this:
>
> Then the "global" view sees updates to example.com quickly, as soon as
> NOTIFY is sent by the master and the zone is transferred. However,
> the "no-rpz" view doesn't see changes to example.com in a timely
> manner. I've had to wait awhile (SOA refresh) for new records to
> appear and old records to disappear from the "no-rpz" view's
> example.com zone.
You can have one view send a NOTIFY to the other view using
TSIG; there's a recipe for this in the bind9 FAQ.
Also, in the upcoming BIND 9.10, a single zone object can be
shared between two views:
    view us {
        match-clients { localnets; };
        zone "example.com" {
            type slave;
            masters { ... };
        };
    };
    view them {
        zone "example.com" {
            in-view us;
        };
    };
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
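
The TSIG-signed NOTIFY between views mentioned in the reply, sketched as an added example (not part of the original message and not the FAQ's own recipe). The view names follow the quoted message; the key names, secrets, file names and addresses are constructed placeholders, and the `key` form of `also-notify` assumes BIND 9.9 or later.

```conf
// Added example. Secrets are placeholders: generate real base64 values
// and keep this file unreadable to other users.
key "to-global" { algorithm hmac-sha256; secret "REPLACE-WITH-BASE64-SECRET-1"; };
key "to-no-rpz" { algorithm hmac-sha256; secret "REPLACE-WITH-BASE64-SECRET-2"; };

// Views are tried in order and the first match wins, so the more
// specific view comes first.
view "no-rpz" {
    match-clients {
        !key "to-global";      // transfer requests meant for "global" skip this view
        key "to-no-rpz";       // NOTIFY signed by the "global" view lands here
        192.0.2.0/28;          // constructed range: clients exempt from RPZ
    };
    zone "example.com" {
        type slave;
        file "no-rpz/example.com.db";
        // Refresh from the "global" view on this same server; signing
        // with to-global steers the SOA query and AXFR into that view.
        masters { 127.0.0.1 key "to-global"; };
    };
};

view "global" {
    match-clients { any; };
    // response-policy and the policy zone itself are configured only here.
    zone "example.com" {
        type slave;
        file "global/example.com.db";
        masters { 203.0.113.53; };             // constructed address of the real master
        // After each transfer, tell the "no-rpz" view right away
        // instead of leaving it to wait for the SOA refresh timer.
        also-notify { 127.0.0.1 key "to-no-rpz"; };
        // Only the other view (or a holder of its key) may pull the zone.
        allow-transfer { key "to-global"; };
    };
};
```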