Date: Thu, 22 May 2008 15:59:13 +1200
From: Jonathan Chen
To: Steve Bertrand
Cc: freebsd-questions@freebsd.org
Subject: Re: Multiple instances of BIND at startup
Message-ID: <20080522035913.GA78449@osiris.chen.org.nz>
In-Reply-To: <4834D891.6050707@ibctech.ca>

On Wed, May 21, 2008 at 10:21:05PM -0400, Steve Bertrand wrote:
[...]
> My authoritative name server (service, eventually cluster) will
> eventually house about 500 domains, which I want only recursive DNS
> servers that come from the root .tld down to see (no caching).
>
> The caching name server (service, and eventually cluster) will see tens
> of thousands of our clients' requests (we are an ISP) to use as their DNS
> lookup, which will perform recursive lookups that we are not
> authoritative for.
>
> I'm sorry, I don't know how to put it into other words, other than I
> want complete separation from dns authoritative and dns caching services
> to be disparate.

Let's say your authoritative server is listening on IP-A, and your
caching server is listening on IP-B; both IP addresses are on the same
host. We can have a named instance listening on both addresses, with
multiple views like:

    /* Used by root .tld. */
    view "authoritative" {
        match-destinations { IP-A; };
        recursion no;
        zone "my.authoritative.org" {
            type master;
            ...
        };
        ....
    };

    /* Used by our client requests. */
    view "caching" {
        match-destinations { IP-B; };
        recursion yes;
        zone "my.authoritative.org" {
            type master;
            ...
        };
        ....
    };

The "match-destinations" inspects the DNS address used by the client to
query to determine which view to use.

Would this suit your purpose?
-- 
Jonathan Chen
----------------------------------------------------------------------
"Nyuck, nyuck, nyuck" - Curly
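
A check for the split described in this message, as an added example that is not part of the original e-mail: it reads the RA and AA header bits of replies from each address to confirm that the authoritative address (IP-A) offers no recursion and the caching address (IP-B) does. The function names and the sample replies are constructed for illustration.

```python
import socket
import struct

def build_query(name, qid=0x1A2B):
    """Wire-format A/IN query with RD set (RFC 1035 section 4.1)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def parse_header(resp):
    """Decode the 12-byte DNS header into the fields the checks need."""
    if len(resp) < 12:
        raise ValueError("short DNS response")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!6H", resp[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "ra": bool(flags & 0x0080), "rcode": flags & 0x000F, "answers": an}

def check_view(role, resp, in_zone):
    """Return findings for one reply; role is 'authoritative' or 'caching'."""
    h, problems = parse_header(resp), []
    if not h["qr"]:
        return ["not a response"]
    if role == "authoritative":
        if h["ra"]:
            problems.append("RA set: recursion offered on the authoritative address")
        if in_zone and not h["aa"]:
            problems.append("AA clear for a hosted zone")
        if not in_zone and h["answers"]:
            problems.append("answered a name outside the hosted zones")
    elif not h["ra"]:
        problems.append("RA clear: caching address does not recurse")
    return problems

def ask(server, name, timeout=3.0):
    """Send the query over UDP and return the raw reply (live use only)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return s.recvfrom(4096)[0]

# Constructed sample replies (header only), not captured traffic.
GOOD_AUTH_OUT_OF_ZONE = struct.pack("!6H", 0x1A2B, 0x8105, 1, 0, 0, 0)  # QR, RD, RCODE 5
BAD_AUTH_OUT_OF_ZONE = struct.pack("!6H", 0x1A2B, 0x8180, 1, 1, 0, 0)   # QR, RD, RA, 1 answer
GOOD_AUTH_IN_ZONE = struct.pack("!6H", 0x1A2B, 0x8500, 1, 1, 0, 0)      # QR, AA, RD
GOOD_CACHING = struct.pack("!6H", 0x1A2B, 0x8180, 1, 1, 0, 0)           # QR, RD, RA
```

For live use, feed `ask(address, name)` into `check_view`, querying each address once with a hosted name and once with a name outside the hosted zones.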