On Thu, Jun 11, 2015 at 10:11 AM, Tony Finch <d...@dotat.at> wrote: > McDonald, Dan <dan.mcdon...@austinenergy.com> wrote: > >> Is there a way to use RPZ to return different answers depending on the >> ip address of the querying box? > > Yes in 9.10 but not in 9.9. However I think rpz-client-ip triggers rewrite > all queries from metching clients, so it probably isn't what you want. > > (To be honest, I think hosts files sound like a plausible solution to your > problem!)
You (Dan, not Tony!) said: "application servers burried deep behind a few layers of reverse proxies and load balancers" - if your DNS servers are *also* behind this sort of thing you may be able to use the load-balancers (or policy routing) to route internal folk to different name-servers, which have different answers. I'm not sure *why* you would do this instead of views / rpz, but, well, you could... "All problems in computer science can be solved by another level of indirection, except of course for the problem of too many indirections." -- David Wheeler W > > Tony. > -- > f.anthony.n.finch <d...@dotat.at> http://dotat.at/ > Biscay, Fitzroy: Cyclonic, 5 to 7, decreasing 4 at times. Slight or moderate, > occasionally rough in west Fitzroy. Thundery rain, fog patches. Good, > occasionally very poor. > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
