On Tue, Apr 26, 2016 at 10:22 AM, Ali Jawad <alijaw...@gmail.com> wrote:
> Hi Bob
> I did have a look at
> http://www.zytrax.com/books/dns/ch7/rpz.html#policy-client-ip-trigger ,
> and while in theory it can be used in a way similar to ACL I can't see how
> it accommodates for faster changes, would you please elaborate?
>

You are correct, my mistake. Looks like you can only block the client completely, and not change just one answer for the client, so that will not work for you.

--
Bob Harold

> On Tue, Apr 26, 2016 at 4:46 PM, Bob Harold <rharo...@umich.edu> wrote:
>
>>
>> On Mon, Apr 25, 2016 at 5:30 PM, Carl Byington <c...@byington.org> wrote:
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA512
>>>
>>> On Mon, 2016-04-25 at 23:23 +0300, Ali Jawad wrote:
>>> > based on a user tool the users "hundreds in corporate environment" get
>>> > either public or private zone,
>>>
>>> Rather than the tool writing an ACL for bind, can the tool instead
>>> reconfigure the user's local workstation dns settings to point to one of
>>> two different (sets of) bind servers? One serves the public zone, one
>>> serves the private zone.
>>>
>>
>> You might be able to use RPZ to give a list of users a different answer
>> for certain queries, and that can be dynamically updated quickly, if I
>> understand it correctly. That might work better than ACLs and views for a
>> fast-changing list of users.
>>
>> --
>> Bob Harold
>>
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>> unsubscribe from this list
>>
>> bind-users mailing list
>> bind-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>