Date:      Sun, 20 Apr 2003 11:44:31 +0200
From:      Paul Schenkeveld <fb-net@psconsult.nl>
To:        Jeremy Chadwick <freebsd@jdc.parodius.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: BIND-8/9 interface bug? Or is it FreeBSD?
Message-ID:  <20030420114431.A74015@psconsult.nl>
In-Reply-To: <20030419223913.GA51072@parodius.com>; from freebsd@jdc.parodius.com on Sat, Apr 19, 2003 at 03:39:13PM -0700
References:  <20030419064801.GA11635@parodius.com> <1050791079.007237.719.nullmailer@cicuta.babolo.ru> <20030419223913.GA51072@parodius.com>

Hi Jeremy,

On Sat, Apr 19, 2003 at 03:39:13PM -0700, Jeremy Chadwick wrote:
>         I hadn't considered jails --  I can't believe I forgot about
>         them.  An excellent idea.
> 
>         For now, I've moved both of my nameservers over to relying
>         entirely on the public IP network for transmission of
>         everything, and as expected, it works great.  I might have
>         to try the jail method for the private network!

I've had good results running separate named instances for internal and
external zones within jails for two or three years now.

Reading the last few messages in this thread, another possible solution
came to mind.  What about adding host routes for the public address
to send all this traffic over your private network?  This does not
limit traffic to DNS; in fact, all traffic between the two machines
will be over your private link whether the private or the public
address is used.  Example:

    External subnet, public addresses
    ---------------+--------------------------------+---------------
                   |                                |
                   | p.q.r.a                        | p.q.r.b
    +----------------------------+    +----------------------------+
    |                            |    |                            |
    | route add -host \          |    | route add -host \          |
    |   p.q.r.b 10.0.0.y         |    |   p.q.r.a 10.0.0.x         |
    |                            |    |                            |
    |                            |    |                            |
    |                            |    |                            |
    +----------------------------+    +----------------------------+
                   | 10.0.0.x                       | 10.0.0.y
                   |                                |
                   |                                |
    ---------------+--------------------------------+---------------
    Internal subnet, private addresses

It might be necessary to adjust your ipfw rules a bit but I seem to
remember you allow all traffic over your private interface.

Regards,

Paul Schenkeveld, Consultant
PSconsult ICT Services BV


