On Wed, May 21, 2008 at 10:21:05PM -0400, Steve Bertrand wrote:

[...]
> My authoritative name server (service, eventually cluster) will 
> eventually house about 500 domains, which I want only recursive DNS 
> servers that come from the root .tld down to see (no caching).
> 
> The caching name server (service, and eventually cluster) will see tens 
> of thousands of our clients requests (we are an ISP) to use as their DNS 
> lookup, which will perform recursive lookups that we are not 
> authoritative for.
> 
> I'm sorry, I don't know how to put it into other words, other than I 
> want complete separation from dns authoritative and dns caching services 
> to be disparate.

Let's say your authoritative server is listening on IP-A, and your
caching server is listening on IP-B; both ip-addresses are on the same
host. We can have a named instance listening on both addresses, with
multiple views like:

        /*
                Used by root .tld.
         */
    view "authoritative"
    {
        match-destination
        {
            IP-A;
        };
        recursion no;

        zone "my.authoritative.org"
        {
            type master;
            ...
        };
                ....
    }

        /*
                Use by our client requests.
         */
    view "caching"
    {
        match-destination
        {
            IP-B;
        };
        recursion yes;

        zone "my.authoritative.org"
        {
            type master;
            ...
        };
                ....
    }

The "match-destination" inspects the DNS address used by the client to
query to determine which view to use. Would this suit your purpose?
-- 
Jonathan Chen <[EMAIL PROTECTED]>
----------------------------------------------------------------------
                                         "Nyuck, nyuck, nyuck" - Curly
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to