Hi David,
On 6/11/19 2:05 PM, David Bank wrote:
About a week-and-a-half ago, I wrote into the list, looking for some
help configuring RPZ.
Thank you for the follow up with details on how someone else could
reproduce this for themselves if they find themselves with a similar
need / desire.
About a week-and-a-half ago, I wrote into the list, looking for some
help configuring RPZ. I wanted to have a name server (zurg) in a special
network that, when queried for two specific hosts (andy and sid) in a
zone, would give replies from its own information, while forwarding on all
other
On 5/29/19 3:15 PM, Jon wrote:
Hi Grant,
Hi,
I don't usually wade in on these but I also believe RPZ would be the
simplest way to achieve this.
I tend to agree.
DNSSEC can complicate this a bit (requiring additional settings).
In order to keep the same zone working with 10. Addressing for
Hi Grant,
I don't usually wade in on these but I also believe RPZ would be the
simplest way to achieve this.
You're close I think. Using Carl's information and what you've done there,
add the following.
In order to keep the same zone working with 10. Addressing for all other
(not in bubble) clie
On Wed, 2019-05-29 at 09:05 -0400, David Bank wrote:
> Re-reading the ARM, it seemed to me that I needed to add a
After adding the zone and the response-policy statement to named.conf, I
presume you did:
rndc reconfig
To test that you can:
On Tue, 28 May 2019, Carl Byington via bind-users wrote:
Hi, Carl - thanks for replying.
On zurg, add a new dns zone rpz.ncdot.gov
Your suggestion didn't work for me.
To test your suggestion, I had to add a "forwarders" statement to get
zurg to query buzz/woody; prior to testing,
On Tue, 2019-05-28 at 13:13 -0400, David Bank wrote:
> Perhaps I'm missing something, but I don't see how to make zurg reply
> with 192.168/16 IPs for andy and sid, but correctly resolve the rest
> of *.internal.local
On zurg, add a new dns zone rpz
On 5/28/19 11:13 AM, David Bank wrote:
Hello, Grant! Thanks for replying.
Hi.
You're welcome.
No - the bubble is its own world for the most part. No reason for
general 10/8 inhabitants to try to talk to 192.168/16 - the very, very
few hosts that need to talk in 192.168/16 already have
To me this looks like it could be done with a bit of programming.
If the addresses of the two hosts needed in 192.168.x.x don't change too
often, a cron job could read those addresses and set them in zurg as
dynamic entries using nsupdate. The time for cron would be smaller than
the TTL of the RRs
On Tue, 28 May 2019, Grant Taylor via bind-users wrote:
Hello, Grant! Thanks for replying.
On 5/28/19 10:16 AM, David Bank wrote:
To recap what I'm attempting to create: a host in the 10. network knows
to ask buzz or woody for DNS resolution, and if such a host wants to
resolve andy.internal.l
On 5/28/19 10:16 AM, David Bank wrote:
I want to configure zurg so that it will refer ALL requests to buzz or
woody; however, when a request is made to resolve andy.internal.local or
sid.internal.local, then zurg rewrites those IPs from the 10. addresses
that buzz and woody know about to 192.16