On 5/15/23 1:58 PM, Kereszt Vezeték wrote:
Hi Everybody
Hi,
I have a DNS server in my private network with a local domain. The DNS
server forwards public requests to the Google DNS server. I would like to
separate hosts in the inside network.
One group is allowed only to resolve local hosts, with no forwarding to 8.8.8.8.
The other group is allowed to resolve local hosts and can also be forwarded to the
Google DNS server.
Are there any way to solve this problem with bind9 ?
It seems to me like this may be described as authoritative-only without
recursion, and both authoritative and recursive service.
With this in mind, I'd wonder, if BIND's recursion restrictions might
suffice. E.g. allow 192.168.1.10 & 192.168.1.11 to make recursive
queries which get forwarded to ${UPSTREAM_DNS_PROVIDER} while only
serving local authoritative content to 192.168.1.20 & 192.168.1.21.
I assume there is some nuance that I'm overlooking / haven't had enough
caffeine to properly appreciate yet.
But this is what I'd try myself.
N.B. you probably want to also apply the similar ACL to querying the
cache, lest 192.168.1.20 & 192.168.1.21 be able to get things out of cache
that 192.168.1.10 & 192.168.1.11 queried from ${UPSTREAM_DNS_PROVIDER}.
Grant. . . .
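The approach Grant sketches, written out as a named.conf fragment. This is an added example, not configuration from the thread; the zone name "example.lan", the file paths and the BIND 9.16+ zone type keyword are assumptions, and the client addresses are the placeholders used above.

```conf
// Added example: split recursive vs. authoritative-only service by source address.
// Hosts that may recurse (queries for outside names get forwarded upstream).
acl "recursive-clients" { 192.168.1.10; 192.168.1.11; };
// Hosts that may only resolve the locally hosted zone.
acl "local-only-clients" { 192.168.1.20; 192.168.1.21; };

options {
    directory "/var/cache/bind";            // assumed path
    recursion yes;
    // Only the recursive group may ask for recursion; others get the
    // authoritative data they are entitled to, and REFUSED for the rest.
    allow-recursion { recursive-clients; };
    // Same ACL on cache reads, otherwise local-only clients could pull
    // answers that the recursive group already fetched from upstream.
    allow-query-cache { recursive-clients; };
    // Both groups may query the authoritative zone(s) defined below.
    allow-query { recursive-clients; local-only-clients; };
    // Outside names are sent to the upstream resolver named in the thread.
    forwarders { 8.8.8.8; };
    forward only;
};

// Local domain served authoritatively to everybody on the inside.
zone "example.lan" {                        // assumed zone name
    type primary;                           // "master" on BIND before 9.16
    file "/etc/bind/db.example.lan";        // assumed path
};
```

Check the file with `named-checkconf` before reloading, then confirm from a local-only host that a query for a name outside the local zone returns REFUSED while a name inside it still resolves.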
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users