Hi Petr,
great that you mention where to look into the code, I'm not familiar
with it yet. This is certainly what I'm looking for, the search
algorithm for a client IP to find its view. The lab test depends on an
investment in a Supernic (and the appropriate chassis/Motherboard/PCI
architectu
On 25. 08. 24 9:20, Greg Choules via bind-users wrote:
Regarding view selection, I don't know exactly how the code works or how
efficient it is. But certainly I have seen some configs with a lot of
views and they seem to function OK.
Views are matched one by one, you can have a look at functio
Hi Grant.
That doesn't work for zones that then get used in a `response-policy`
block. In this case you *must* define a zone §each time; so one (or up to
64) per view/instance of `response-policy`. Test it on your laptop/in a VM.
What this does mean is that (if you are using views) you *could* have
On 8/24/24 07:37, Carlos Horowicz via bind-users wrote:
2. if RPZ records are held in memory, why would an RPZ zone need to be
stored n times if there are n orthogonal views ? That is, why the more
views the more memory needed. Maybe you meant the qpcache, to store
different answers, though I d
Hi there,
On Sat, 24 Aug 2024, Carlos Horowicz wrote:
...
... is there an algorithm in bind9 or out there that quickly maps a
client IP address to a CIDR, e.g. a something like a binary tree
quicksearch ? or balanced red-black tree ?
I don't know if this is going to help, but we use IP to CID
Hi Greg,
thanks for your insights.
Ok so the limit of 64 response policy zones applies to one view.
I wonder, assuming the views are orthogonal (no overlapping of CIDRs, as
in an ISP assigning CIDRs to local loops):
1. is there an algorithm in bind9 or out there that quickly maps a
client I
Hi Carlos.
If you have enough RAM it should be possible to create multiple views, each
with a zone (primary or secondary, up to you) that contains the RPZ data
for that view and a response-policy that uses that zone.
The limit on number of zones is per response-policy block. But if you're
using se
Hello List,
an ISP has brought a case where several customers do not agree with our web
interface portal that lets select different RPZ zones to be activated for a set
of resolvers that are common to all customers. They even belong to different
countries where some domains are banned.
Given t
Hello List,
an ISP has brought a case where several customers do not agree with our
web interface portal that lets select different RPZ zones to be
activated for a set of resolvers that are common to all customers. They
even belong to different countries where some domains are banned.
Given
9 matches
Mail list logo
