Date: Thu, 11 Oct 2007 20:10:36 +0400
From: Yuri Pankov <yuri.pankov@gmail.com>
To: Jeffrey Goldberg <jeffrey@goldmark.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: Different DNS responses depending on query source
Message-ID: <470E4AFC.9070505@mail.ru>
In-Reply-To: <82158399-7871-4582-984C-61BC2462543C@goldmark.org>
References: <82158399-7871-4582-984C-61BC2462543C@goldmark.org>

Jeffrey Goldberg wrote:
> The host that runs my internal DNS server is down for the count (I've
> already replaced the power supply on it once, and I don't feel like
> doing it again). Although I had other uses planned for that machine,
> the only useful thing it was doing was DNS for a local net and DHCP, the
> latter I've moved to my firewall box (running m0n0wall).
>
> So, until I build a replacement machine, I'd like to run the DNS service
> on 6.2-RELENG machine on my DMZ. However I have a conflict between
> providing IPs for the outside world to see, eg
>
> n114.ewd.goldmark.org 172.64.118.114
>
> versus what I want when querying from the local network, eg,
>
> n114.ewd.goldmark.org 10.1.10.131
>
> Also there are some internal names (eg, fluffy.ewd.goldmark.org) which
> shouldn't be advertised to the outside world at all.
>
> The obvious answer would be to run two instances of bind, listening on
> different IPs (possibly using jails). But I don't have an IP address to
> spare on the DMZ. So is there a way to have bind listening on the only
> interface and IP address the host can have give different answers
> depending on where the query comes from?
>
> Cheers,
>
> -j

You can use BIND's "view" statement:

http://www.isc.org/sw/bind/arm94/Bv9ARM.ch06.html#view_statement_grammar

HTH,
Yuri
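
A named.conf sketch of the split-horizon setup the reply points to, added here as an example and not taken from the thread. The zone name and the two n114 addresses come from the question; the 10.1.10.0/24 range, the view and ACL names, and the zone file paths are assumptions.

```conf
// Added example: one named instance, one IP address, two answers.
// ACL range, view names and file paths are assumptions, not from the thread.

acl "lan" {
    10.1.10.0/24;   // assumed internal range (the thread shows only 10.1.10.131)
    127.0.0.1;
};

// Views are tried in the order written and the first whose match-clients
// contains the query's source address is used, so the narrow view goes first.
// match-clients sees the source address as it arrives at named: if the
// firewall NATs LAN queries on their way to the DMZ, list the translated
// address in the ACL instead of the LAN range.
view "internal" {
    match-clients { "lan"; };
    recursion yes;               // resolver service for local clients only

    zone "ewd.goldmark.org" {
        type master;
        // n114 -> 10.1.10.131, plus internal-only names such as fluffy
        file "master/ewd.goldmark.org.internal";
    };
};

view "external" {
    match-clients { any; };      // everyone not matched above
    recursion no;                // authoritative answers only for outsiders

    zone "ewd.goldmark.org" {
        type master;
        // n114 -> 172.64.118.114; fluffy has no record in this file,
        // so outside queries for it return NXDOMAIN
        file "master/ewd.goldmark.org.external";
    };
};

// Once any view exists, every zone statement must sit inside a view;
// named refuses to load a config that mixes views with top-level zones.
```

Running `named-checkconf` on the file catches a zone left outside a view before named is restarted, and querying n114 from both a LAN host and an outside host confirms each side gets its own address.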