Re: Set up a recursive servers to provide different data
On Wed, 2015-06-10 at 17:17 +0800, liumingxing wrote: We have a domain name example.com while now we have application servers that are located in in the localnet with private addresses and ones in the external internet. We want to setup a recursive in local networks that can provide recursive service and auth service that internal users are redirected to the internal servers and the external users are guided to outside servers. Set up one or more authoritative servers that provide two views - an internal and an external view. Then set up your recursive servers anywhere you like. A recursive servers you put in the space served by the internal view will get internally valid responses from your authoritative servers. A recursive server you place outside the space served by the internal view will get externally valid responses from your authoritative servers, as will any other queriers from outside your internal spaces. Queries that don't involve your domain(s) will go to the wider Internet. Aside from setting up the appropriate views and siting the authoritative servers appropriately, you don't need any special configuration for all this to happen. You don't have to configure the recursive servers in any way specially either, except to make sure they accept queries only from your own networks. Don't set up one server as both a recursive and an authoritative server, though. Bad idea. Regards, K. -- ~~~ Karl Auer (ka...@biplane.com.au) http://www.biplane.com.au/kauer http://twitter.com/kauer389 GPG fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4 Old fingerprint: EC67 61E2 C2F6 EB55 884B E129 072B 0AF0 72AA 9882 ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Set up a recursive servers to provide different data
liumingxing liumingx...@cnnic.cn wrote: We hava a domain name example.com while now we have application servers that are located in in the localnet with private addresses and ones in the external internet. We want to setup a recursive in local networks that can provide recursive service and auth service that internal users are redirected to the internal servers and the external users are guided to outside servers. Use views. See http://ftp.isc.org/isc/bind9/9.10.2/doc/arm/Bv9ARM.ch06.html#id2592577 Tony. -- f.anthony.n.finch d...@dotat.at http://dotat.at/ Portland, Plymouth: Northeast 6 to gale 8. Moderate or rough. Showers later. Mainly good. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Set up a recursive servers to provide different data
Hi, all We hava a domain name example.com while now we have application servers that are located in in the localnet with private addresses and ones in the external internet. We want to setup a recursive in local networks that can provide recursive service and auth service that internal users are redirected to the internal servers and the external users are guided to outside servers. Thanks Mingxing, Liu CNNIC EMAIL:liumingx...@cnnic.cn ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Re: Set up a recursive servers to provide different data
The way you gave is that two views are configured and provided in the auth servers. Maybe the view func of bind is a right method to the problem. I wonder whether this is done in the recursor. There are two ways. First, internal views are configured to the recusor. When the local users are coming, if the quering domain name is the auth one configured to point to the address of internal DNS application servers, the recursor can immediately answers them with the configured view data, otherwise query recursively to outside auth servers for the domain. Second, more than two auth servers are setup. Some have interval data where domain names are pointed to internal servers with private addresses, others are outside servers with public addresses. When internal queries are coming, they are redirected by the targeted recursors to the former, otherwise to the latter. -原始邮件- 发件人: Karl Auer ka...@biplane.com.au 发送时间: 2015-06-10 18:11:13 (星期三) 收件人: bind-users@lists.isc.org 抄送: 主题: Re: Set up a recursive servers to provide different data On Wed, 2015-06-10 at 17:17 +0800, liumingxing wrote: We have a domain name example.com while now we have application servers that are located in in the localnet with private addresses and ones in the external internet. We want to setup a recursive in local networks that can provide recursive service and auth service that internal users are redirected to the internal servers and the external users are guided to outside servers. Set up one or more authoritative servers that provide two views - an internal and an external view. Then set up your recursive servers anywhere you like. A recursive servers you put in the space served by the internal view will get internally valid responses from your authoritative servers. A recursive server you place outside the space served by the internal view will get externally valid responses from your authoritative servers, as will any other queriers from outside your internal spaces. Queries that don't involve your domain(s) will go to the wider Internet. Aside from setting up the appropriate views and siting the authoritative servers appropriately, you don't need any special configuration for all this to happen. You don't have to configure the recursive servers in any way specially either, except to make sure they accept queries only from your own networks. Don't set up one server as both a recursive and an authoritative server, though. Bad idea. Regards, K. -- ~~~ Karl Auer (ka...@biplane.com.au) http://www.biplane.com.au/kauer http://twitter.com/kauer389 GPG fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4 Old fingerprint: EC67 61E2 C2F6 EB55 884B E129 072B 0AF0 72AA 9882 ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.10.2-P1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 http://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEARECAAYFAlV4nkUACgkQL6j7milTFsFZgwCfVhCIEvd4WDFxxQB9ek6u/34i 3CcAoIYJwXXDNZngmFTgYWJyND/MBlWd =Vct0 -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
