<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi,</p>
<p>I would like to somehow tag or assign clients to a view based on
the destination address of the client query. <br>
If for example a client <i>(10.10.0.1) </i>queries the server <i>(10.20.0.1)</i>
I would like to match on the address <i>10.20.0.1.</i></p>
<p>The background is that I have multiple rpz zones (blocklists) and
would like the client to be able to choose which "blocklists" to
apply to their queries by configuring their resolver based on a
list that I provide. Client addresses are random and not under my
control. <br>
The list might look something like:<br>
--------------------------------------------<br>
block ads: 10.20.0.1<br>
block trackers: 10.20.0.2<br>
block ads & trackers: 10.20.0.3<i><br>
</i>--------------------------------------------<br>
</p>
Using BIND I would define a view and match on the query destination
IP like this:<br>
<i>--------------------------------------------------</i><br>
view block-ads {<br>
match-destinations { 10.20.0.1; };<br>
zone "adblock.rpz" {<br>
[ .. ]<br>
};<br>
};<br>
<i>--------------------------------------------------<br>
<br>
</i>I've read through the documentation and have found the <i>access-control-{tag,view}</i>
statements but they only seem to operate on the client source
address. Is there an option like this that I've just missed <b>or
is there a better way of achieving something similar to what I'm
describing using unbound?</b><b> </b>A workaround could be to
create a mapping between the destination IP and some random
addresses and SNATing incoming queries behind those random IPs in
order to match on them. But that sounds very hacky and not something
I would like to do.<br>
<b></b><b> </b><br>
Thanks for reading.
<pre class="moz-signature" cols="72">--
//Oskar</pre>
</body>
</html>