Experiences with RPZ in multiple views

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Experiences with RPZ in multiple views

Matthias Seitz
Hi,

after a couple of test runs it looks like that multiple RPZs in multiple
views works fine, example code snippet bellow (for better understanding)

view "view1" {
    ...

    response-policy {
        RPZ Feed 1
        RPZ Feed 2
        RPZ Feed 3
}; };

view "view2" {
    ...

    response-policy {
        RPZ Feed 1
        RPZ Feed 4
        RPZ Feed 5
}; };

Locally the RPZ feeds needs different file name, that it will work. See
also the bind-users post from Tom <[hidden email]> "BIND-RPZ
and Views"
Does anybody runs RPZ in multiple views in *productive environment* and
do you have any feedback regarding stability, feedback if this runs
smoothly and any other hints?

Cheers,
Matthias

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Experiences with RPZ in multiple views

Bob Harold

On Tue, Jul 4, 2017 at 4:10 AM, Matthias Seitz <[hidden email]> wrote:
Hi,

after a couple of test runs it looks like that multiple RPZs in multiple
views works fine, example code snippet bellow (for better understanding)

view "view1" {
    ...

    response-policy {
        RPZ Feed 1
        RPZ Feed 2
        RPZ Feed 3
}; };

view "view2" {
    ...

    response-policy {
        RPZ Feed 1
        RPZ Feed 4
        RPZ Feed 5
}; };

Locally the RPZ feeds needs different file name, that it will work. See
also the bind-users post from Tom <[hidden email]> "BIND-RPZ
and Views"
Does anybody runs RPZ in multiple views in *productive environment* and
do you have any feedback regarding stability, feedback if this runs
smoothly and any other hints?

Cheers,
Matthias

We use RPZ in two views.  In one view the RPZ zones are active (policy given), and in the other view they are logging-only (policy disabled).  Departments opt-in to RPZ and we add their subnets to the first view.  The second view gives us logs and we can tell departments what would be redirected if they opt-in.

--
Bob Harold
 

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Loading...