From: robert schlotterbeck
To: Ronj_clark@yahoo.com, FreeBSD Questions
Date: Fri, 12 Sep 2003 22:30:50 -0500
Subject: Re: FreeBSD and DNS

You can use BIND's view options for this.
It would require BIND 9. Info can be found at
http://sysadmin.oreilly.com/news/views_0501.html

Quick sample:

    acl "local-addresses" { 10.0.0.0/8; 127.0.0.1/32; };

    view "internal" {
        match-clients { local-addresses; };
        recursion yes;
        zone "domain.tld" in {
            type master;
            file "domain.tld.internal";
        };
    };

    view "external" {
        match-clients { 0/0; };
        recursion no;
        zone "domain.tld" in {
            type master;
            file "domain.tld.external";
            // "masters" is only valid in a slave or stub zone; named
            // rejects it together with "type master", so it is disabled:
            // masters { 66.34.148.127; };
            // "secondary-nameservers" must be defined as an acl elsewhere
            // in named.conf before this line will load.
            allow-transfer { secondary-nameservers; };
        };
    };

Robert

On Friday 12 September 2003 10:11 pm, Ronnie Clark wrote:
> Hello all,
>
> I have a question that I just cannot get my brain
> around. I have a home network and use FreeBSD as my
> firewall using IPFW. It is also my internal DNS
> server, handling name resolution for inside the
> network and passing requests to the internet. I have
> my own domain, and use a free DNS service to point to
> my static IP from the outside. But as of late, the DNS
> service has come under DOS attack. So, if I want to
> host my own DNS records, so that people on the outside
> get my static, routable internet IP address, plus my
> reverse DNS record, can I still have the DNS service
> serve my internal requests? Can you have an A record
> point to the same machine, yet list two different IP
> addresses? Or do I need to move my internal DNS to
> another system to serve the inside? Please help, brain
> in knots over this one.
>
> Thanks,
> RC
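
An added example, not part of the original message: a small Python model of how named picks a view for a client (the first view whose match-clients matches wins), with a check for a view shadowed by an earlier one or a catch-all view that offers recursion. The ACL and view data are retyped by hand from the sample above, with `0/0` written as `0.0.0.0/0`; the function names are hypothetical.

```python
import ipaddress

# Constructed model of the two views in the sample (not parsed from named.conf).
ACLS = {"local-addresses": ["10.0.0.0/8", "127.0.0.1/32"]}
VIEWS = [  # order matters: named uses the first view whose match-clients matches
    {"name": "internal", "match": ["local-addresses"], "recursion": True,
     "zone_file": "domain.tld.internal"},
    {"name": "external", "match": ["0.0.0.0/0"], "recursion": False,
     "zone_file": "domain.tld.external"},
]

def networks(match, acls):
    """Expand ACL names and CIDR strings into ip_network objects."""
    out = []
    for item in match:
        for cidr in acls.get(item, [item]):
            out.append(ipaddress.ip_network(cidr))
    return out

def select_view(client, views=VIEWS, acls=ACLS):
    """Return the first view whose match-clients contains the client address."""
    addr = ipaddress.ip_address(client)
    for view in views:
        if any(addr in net for net in networks(view["match"], acls)):
            return view
    return None

def lint(views=VIEWS, acls=ACLS):
    """Flag shadowed views and catch-all views that offer recursion."""
    problems, seen = [], []
    for view in views:
        nets = networks(view["match"], acls)
        # Shadowed: every network of this view is already covered earlier.
        if all(any(n.subnet_of(s) for s in seen) for n in nets):
            problems.append(f"view {view['name']} is shadowed by an earlier view")
        # A /0 match with recursion on makes the server an open resolver.
        if view["recursion"] and any(n.prefixlen == 0 for n in nets):
            problems.append(f"view {view['name']} offers recursion to any client")
        seen.extend(nets)
    return problems
```

Passing the views in reverse order to `lint` reports the internal view as shadowed, which is why the catch-all external view has to come last in named.conf.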