From: Yuri Pankov
To: Jeffrey Goldberg
Cc: freebsd-questions@freebsd.org
Date: Thu, 11 Oct 2007 20:10:36 +0400
Subject: Re: Different DNS responses depending on query source
Message-ID: <470E4AFC.9070505@mail.ru>
In-Reply-To: <82158399-7871-4582-984C-61BC2462543C@goldmark.org>

Jeffrey Goldberg wrote:
> The host that runs my internal DNS server is down for the count (I've
> already replaced the power supply on it once, and I don't feel like
> doing it again). Although I had other uses planned for that machine,
> the only useful thing it was doing was DNS for a local net and DHCP, the
> latter I've moved to my firewall box (running m0n0wall).
>
> So, until I build a replacement machine, I'd like to run the DNS service
> on 6.2-RELENG machine on my DMZ. However I have a conflict between
> providing IPs for the outside world to see, eg
>
>   n114.ewd.goldmark.org 172.64.118.114
>
> versus what I want when querying from the local network, eg,
>
>   n114.ewd.goldmark.org 10.1.10.131
>
> Also there are some internal names (eg, fluffy.ewd.goldmark.org) which
> shouldn't be advertised to the outside world at all.
>
> The obvious answer would be to run two instances of bind, listening on
> different IPs (possibly using jails). But I don't have an IP address to
> spare on the DMZ. So is there a way to have bind listening on the only
> interface and IP address the host can have give different answers
> depending on where the query comes from?
>
> Cheers,
>
> -j
>
>

You can use BIND's "view" statement:
http://www.isc.org/sw/bind/arm94/Bv9ARM.ch06.html#view_statement_grammar

HTH,
Yuri
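
A sketch of the split-horizon setup the reply points to, added here as an illustration and not part of either poster's message. The ACL name, the 10.1.10.0/24 prefix and the zone file paths are assumptions; only the zone name and the two n114 addresses come from the thread.

```conf
// named.conf fragment: one named process, one listening address, two views.
// Constructed example. File paths are relative to the "directory" option.

acl "internal-nets" {
    127.0.0.1;
    10.1.10.0/24;      // assumed LAN prefix; the thread only shows 10.1.10.131
};

// Views are tried in the order they appear and the first match wins,
// so the restrictive view goes first and the catch-all goes last.
view "internal" {
    match-clients { "internal-nets"; };
    recursion yes;     // LAN clients may resolve outside names through this server

    zone "ewd.goldmark.org" {
        type master;
        // Internal zone data: n114 -> 10.1.10.131, plus internal-only
        // names such as fluffy.
        file "master/ewd.goldmark.org.internal";
    };
};

view "external" {
    match-clients { any; };
    recursion no;      // authoritative answers only for the outside world

    zone "ewd.goldmark.org" {
        type master;
        // Public zone data: n114 -> 172.64.118.114 and no record for
        // fluffy, so internal names are never served to outside clients.
        file "master/ewd.goldmark.org.external";
    };
};

// Once any view is defined, every zone statement must sit inside a view;
// a zone left at the top level makes named reject the configuration.
```

Run `named-checkconf` on the file before reloading. `match-clients` sees the source address that actually reaches the DNS host, so if the firewall translates LAN traffic on its way to the DMZ, the ACL has to list the translated address instead.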