Hi Greg,
thanks for your insights.
Ok so the limit of 64 response policy zones applies to one view.
I wonder, assuming the views are orthogonal (no overlapping of CIDRs, as
in an ISP assigning CIDRs to local loops):
1. is there an algorithm in bind9 or out there that quickly maps a
client IP address to a CIDR, e.g. something like a binary tree
quick search? Or a balanced red-black tree? Top-down sequential
processing sounds very inefficient.
2. if RPZ records are held in memory, why would an RPZ zone need to be
stored n times if there are n orthogonal views? That is, why the more
views the more memory needed. Maybe you meant the qpcache, to store
different answers, though I don't understand how that works.
Best regards
Carlos
On 24/08/2024 08:36, Greg Choules wrote:
Hi Carlos.
If you have enough RAM it should be possible to create multiple views,
each with a zone (primary or secondary, up to you) that contains the
RPZ data for that view and a response-policy that uses that zone.
The limit on number of zones is per response-policy block. But if
you're using separate blocks inside each view, each r-p block
referring to only one zone, then that limit is not relevant.
Bear in mind that views are processed top down, so if you have a lot
of them it can take a (relatively) long time to match clients to the
ones at the bottom. Also, by default, each view has its own cache,
hence the need for a lot of RAM.
I would try it out on a lab server first.
Hope that helps.
Cheers, Greg
On Fri, 23 Aug 2024 at 20:43, Carlos Horowicz via bind-users
<bind-users@lists.isc.org> wrote:
Hello List,
an ISP has brought a case where several customers do not agree
with our web interface portal that lets select different RPZ zones
to be activated for a set of resolvers that are common to all
customers. They even belong to different countries where some
domains are banned.
Given the case that I start treating provisioned CIDRs from
customers as a base for views, does bind9.18.* support a huge
number of views with different rpz zones activated per view?
I recall having read in the documentation about a limitation of 64
rpz zones in total, is this a number that can be configured, or
even be set to "unlimited"?
Thanks in advance
Carlos Horowicz
Planisys
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list
ISC funds the development of this software with paid support
subscriptions. Contact us at https://www.isc.org/contact/ for more
information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
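
The layout described in Greg's reply (one view per customer CIDR, each with its own RPZ zone and a response-policy block that refers only to that zone), sketched as a named.conf fragment. This is an added example, not configuration posted in the thread; the view names, zone names, file paths and documentation-range CIDRs are assumptions.

```conf
// Added illustration: all names, paths and address ranges are hypothetical.
// Views are evaluated in the order they appear; the first view whose
// match-clients ACL matches the client address handles the query.

view "customer-a" {
    match-clients { 192.0.2.0/24; };          // customer A's provisioned CIDR
    recursion yes;

    // RPZ data for this customer only (primary or secondary, as preferred)
    zone "rpz.customer-a.example" {
        type primary;
        file "rpz/customer-a.db";
    };

    // One zone in this block, so the per-block zone limit is not a concern
    response-policy { zone "rpz.customer-a.example"; };
};

view "customer-b" {
    match-clients { 198.51.100.0/24; };       // customer B's provisioned CIDR
    recursion yes;

    zone "rpz.customer-b.example" {
        type primary;
        file "rpz/customer-b.db";
    };

    response-policy { zone "rpz.customer-b.example"; };
};

// Catch-all placed last: clients not matched above get no policy rewriting.
view "default" {
    match-clients { any; };
    recursion yes;
};
```

Each view defined this way keeps its own cache by default, which is where the RAM cost mentioned in the reply comes from; `named-checkconf` will validate the syntax before a lab test.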