Hey Grant,
On 05-02-16 22:25, Olliver Schinagl wrote:
Hey Grant,
On 30-01-16 03:39, Grant Taylor wrote:
On 01/23/2016 01:47 PM, Olliver Schinagl wrote:
recently I updated to bind-9.10 and noticed that an illegal setup was
finally disallowed. Good things, but I (and others I'm sure) kind of
miss-used this ability. With the change however, I am now looking for
help on restoring similar behavior. Let me explain.
I'm doing something similar with static zones on recent versions of
Bind.
What specific error(s) are you getting?
I have configured my ad zone as a 'regular' set of zones all pointing
to the same 'null' zone and the only problem I really have is that the
newer binds no longer allows you to to do that, point to the same null
zone as it is technically a writable zone.
Ok I have figured out how to use RPZ but did run into one annoyance. I
use views, an internal and an external view and must put the rpz zone
into one of the views (bind complains that when using views, everything
has to be in views). But the RPZ option fails because not all views have
the RPZ zone.
I fixed it by creating a symlink to the actual rpz zone and duplicate
the rpz zone definition in my named.conf. Luckily bind does not complain
about duplicate writes to the same file here (it did when i did point it
to the same file rather then the symlink).
A cleaner solution of course would have been without the symlink or
double entries, but this is very manageable.
To bad this wasn't mentioned at
https://fiasko-nw.net/~thomas/projects/bind9-lawful-interception-vs-commercials.html.en
because it was a very usefull howto otherwise :)
Olliver
I would also suggest you take a look at Response Policy Zone, as I
think it would be more efficient (less memory and faster) than loading
potentially thousands of zones almost empty zones.
I have not heard of RPZ's before, but I'm looking into it as it may be
just what I need.
As a bonus, you could dynamically add / update / remove records from
the RPZ zone without needing to restart Bind.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
