From: Jeffrey Goldberg
To: freebsd-questions@freebsd.org
Date: Thu, 11 Oct 2007 10:55:20 -0500
Subject: Different DNS responses depending on query source
Message-Id: <82158399-7871-4582-984C-61BC2462543C@goldmark.org>

The host that runs my internal DNS server is down for the count (I've already replaced the power supply on it once, and I don't feel like doing it again).
Although I had other uses planned for that machine, the only useful thing it was doing was DNS for a local net and DHCP, the latter I've moved to my firewall box (running m0n0wall). So, until I build a replacement machine, I'd like to run the DNS service on a 6.2-RELENG machine on my DMZ.

However I have a conflict between providing IPs for the outside world to see, eg

    n114.ewd.goldmark.org    172.64.118.114

versus what I want when querying from the local network, eg,

    n114.ewd.goldmark.org    10.1.10.131

Also there are some internal names (eg, fluffy.ewd.goldmark.org) which shouldn't be advertised to the outside world at all.

The obvious answer would be to run two instances of bind, listening on different IPs (possibly using jails). But I don't have an IP address to spare on the DMZ.

So is there a way to have bind, listening on the only interface and IP address the host can have, give different answers depending on where the query comes from?

Cheers,

-j

--
Jeffrey Goldberg
http://www.goldmark.org/jeff/
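
BIND 9's view statement gives this behaviour from a single named instance on one address. The named.conf fragment below is an added example, not part of the original message; the 10.1.10.0/24 range, the directory and the zone file names are assumptions.

```conf
// Constructed example: split-horizon DNS with BIND 9 views.
// One named process, one listening address, two answers for the same zone.

acl "lan" {
    127.0.0.1;
    10.1.10.0/24;       // assumed internal network range
};

options {
    directory "/etc/namedb";    // assumed location of the zone files
};

// Clients matching the ACL get the internal zone data, which can hold
// private addresses and internal-only names such as fluffy.
view "internal" {
    match-clients { "lan"; };
    recursion yes;

    zone "ewd.goldmark.org" {
        type master;
        file "master/internal/ewd.goldmark.org.db";   // hypothetical file name
    };
};

// Everyone else gets the public zone data only, and no recursion.
view "external" {
    match-clients { any; };
    recursion no;

    zone "ewd.goldmark.org" {
        type master;
        file "master/external/ewd.goldmark.org.db";   // hypothetical file name
    };
};
```

Views are tried in the order they appear, so the restricted view has to come before the catch-all one, and once any view is defined every zone statement must sit inside a view. If queries from the local network reach the DMZ host through address translation, named sees the translated source address, and match-clients has to list that address instead.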