From owner-freebsd-isp  Wed May 30  9:55:35 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from peak.mountin.net (peak.mountin.net [207.227.119.2])
	by hub.freebsd.org (Postfix) with ESMTP id 700F737B422
	for <freebsd-isp@FreeBSD.ORG>; Wed, 30 May 2001 09:55:27 -0700 (PDT)
	(envelope-from jeff-ml@mountin.net)
Received: (from daemon@localhost)
	by peak.mountin.net (8.9.1/8.9.1) id LAA05775;
	Wed, 30 May 2001 11:55:19 -0500 (CDT)
	(envelope-from jeff-ml@mountin.net)
Received: from dial-16.tnt1.rac.cyberlynk.net(209.224.182.16) by peak.mountin.net via smap (V1.3)
	id sma005769; Wed May 30 11:54:49 2001
Message-Id: <4.3.2.20010530114026.031d3d40@207.227.119.2>
X-Sender: jeff-ml@207.227.119.2
X-Mailer: QUALCOMM Windows Eudora Version 4.3
Date: Wed, 30 May 2001 11:54:17 -0500
To: Jan Knepper <jan@digitaldaemon.com>,
	FreeBSD-ISP <freebsd-isp@FreeBSD.ORG>
From: "Jeffrey J. Mountin" <jeff-ml@mountin.net>
Subject: Re: Using DNS/bind for external and internal IP-block.
In-Reply-To: <3B1405EA.6030407@digitaldaemon.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-isp.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-isp>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-isp>
X-Loop: FreeBSD.org

At 04:26 PM 5/29/01 -0400, Jan Knepper wrote:
>Hi!
>
>Currently I'v got DNS (bind) running for my primary and secundary IP-block 
>which works great.
>However, now I came up with the idea of also DNS'ing the internal network 
>192.168.x.x. By itself no problem, but how do I setup bind in such a way 
>that everything related to the 192.168.x.x. block stays inside the local 
>network.

Use the allow-query feature for the zone to only allow local address to the 
in-addr zone.

>Worse, I would like to use: <prefix-0>.domain.ext, <prefix-1>.domain.ext, 
>etc. for the machines on the local network while domain.ext points to a 
>public IP address.

Not quite sure what you want here.

You could delegate a subdomain to an internal DNS server and restrict 
that.  Don't think the granularity of control allows for records, but 
allow-query could be used for the subdomain's zone.


Jeff Mountin - jeff@mountin.net
Systems/Network Administrator
FreeBSD - the power to serve


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message