From: Freddie Cash
To: Aryeh Friedman
Cc: FreeBSD Mailing List
Date: Wed, 2 Jan 2013 14:57:47 -0800
Subject: Re: OT: getting named to answer differently based on requester's IP

You want to set up views and IP-based ACLs.
There's lots of documentation online about configuring views. Basically, they work exactly how you want:

- clients with IPs in 192.168.2.x subnet get 192.168.2.x replies
- all other clients get public IP replies

On Wed, Jan 2, 2013 at 2:33 PM, Aryeh Friedman wrote:
> I have a local machine (say "foo.example.com") that is behind a very
> dumb firewall (it will not honor dmz/port forwarding if the connection
> originates from inside the firewall [192.168.2.X]).... specifically if
> I connect to the public IP from *OUTSIDE* of the lan it works but not
> from inside... I have a number of web services that depend on a
> specific DNS being set (specifically www/tomcat7 and the like)...
> i.e. if I am at home I need to use "localhost" (changing it in
> /etc/hosts has no effect) if I am away I need to use
> "ack.example.com")... what I want to do is make it so I can use
> "ack.example.com" for all references... this means I need to make it
> so local requests to ack.example.com answer 192.168.2.2 and remote
> ones answer the public IP.. how do I configure named to do this (I
> have full control of all the nameservers in question)

-- 
Freddie Cash
fjwcash@gmail.com
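
The views and ACL setup described in this reply, sketched as a named.conf fragment. This is an added example, not part of the original message: the ACL name, the view names, the zone file names and the public address 203.0.113.10 are assumed placeholders, and 192.168.2.0/24 is assumed as the LAN prefix.

```conf
// Split-horizon DNS for example.com using BIND views (constructed example).

// Clients that should receive the internal answer.
acl "lan" {
    192.168.2.0/24;     // LAN behind the firewall (assumed /24)
    127.0.0.1;          // the name server host itself
};

// Views are tried in the order they appear; the first view whose
// match-clients list matches the source address answers the query.
// Once any view is defined, every zone statement must live inside a view.

view "internal" {
    match-clients { "lan"; };
    recursion yes;      // LAN clients may use this server as a resolver

    zone "example.com" {
        type master;
        // Hypothetical file name. Contains, among other records:
        //   ack   IN  A   192.168.2.2
        file "master/example.com.internal";
    };
};

view "external" {
    match-clients { any; };
    recursion no;       // do not act as an open resolver for outside clients

    zone "example.com" {
        type master;
        // Hypothetical file name. Contains, among other records:
        //   ack   IN  A   203.0.113.10   ; placeholder for the public IP
        file "master/example.com.external";
    };
};

// Check: query ack.example.com from a LAN host and from an outside host,
// e.g. "dig @<nameserver> ack.example.com A", and confirm that the two
// answers differ as intended.
```

Both zone files need their own SOA and NS records and must be kept in step by hand, since the two views serve independent copies of the zone.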