Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 22 May 2008 15:59:13 +1200
From:      Jonathan Chen <jonc@chen.org.nz>
To:        Steve Bertrand <iaccounts@ibctech.ca>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Multiple instances of BIND at startup
Message-ID:  <20080522035913.GA78449@osiris.chen.org.nz>
In-Reply-To: <4834D891.6050707@ibctech.ca>
References:  <48345138.8080507@ibctech.ca> <4834599A.1090108@infracaninophile.co.uk> <4834A7B4.9030302@ibctech.ca> <20080521232319.GA57359@osiris.chen.org.nz> <4834B7EE.3000002@ibctech.ca> <20080522020619.GA69543@osiris.chen.org.nz> <4834D891.6050707@ibctech.ca>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, May 21, 2008 at 10:21:05PM -0400, Steve Bertrand wrote:

[...]
> My authoritative name server (service, eventually cluster) will 
> eventually house about 500 domains, which I want only recursive DNS 
> servers that come from the root .tld down to see (no caching).
> 
> The caching name server (service, and eventually cluster) will see tens 
> of thousands of our clients requests (we are an ISP) to use as their DNS 
> lookup, which will perform recursive lookups that we are not 
> authoritative for.
> 
> I'm sorry, I don't know how to put it into other words, other than I 
> want complete separation from dns authoritative and dns caching services 
> to be disparate.

Let's say your authoritative server is listening on IP-A, and your
caching server is listening on IP-B; both ip-addresses are on the same
host. We can have a named instance listening on both addresses, with
multiple views like:

	/*
		Used by root .tld.
	 */
    view "authoritative"
    {
        match-destination
        {
            IP-A;
        };
        recursion no;

        zone "my.authoritative.org"
        {
            type master;
            ...
        };
		....
    }

	/*
		Use by our client requests.
	 */
    view "caching"
    {
        match-destination
        {
            IP-B;
        };
        recursion yes;

        zone "my.authoritative.org"
        {
            type master;
            ...
        };
		....
    }

The "match-destination" inspects the DNS address used by the client to
query to determine which view to use. Would this suit your purpose?
-- 
Jonathan Chen <jonc@chen.org.nz>
----------------------------------------------------------------------
                                         "Nyuck, nyuck, nyuck" - Curly

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080522035913.GA78449>