Different DNS responses depending on query source

2007-10-11 Thread Jeffrey Goldberg
The host that runs my internal DNS server is down for the count (I've  
already replaced the power supply on it once, and I don't feel like  
doing it again).  Although I had other uses planned for that machine,  
the only useful thing it was doing was DNS for a local net and DHCP,  
the latter I've moved to my firewall box (running m0n0wall).


So, until I build a replacement machine, I'd like to run the DNS  
service on 6.2-RELENG machine on my DMZ.  However I have a conflict  
between providing IPs for the outside world to see, eg


   n114.ewd.goldmark.org    172.64.118.114

versus what I want when querying from the local network, eg,

   n114.ewd.goldmark.org    10.1.10.131

Also there are some internal names (eg, fluffy.ewd.goldmark.org)  
which shouldn't be advertised to the outside world at all.


The obvious answer would be to run two instances of bind, listening  
on different IPs (possibly using jails).  But I don't have an IP  
address to spare on the DMZ.  So is there a way to have bind  
listening on the only interface and IP address the host can have give  
different answers depending on where the query comes from?


Cheers,

-j



--
Jeffrey Goldberg    http://www.goldmark.org/jeff/

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Different DNS responses depending on query source

2007-10-11 Thread Mel
On Thursday 11 October 2007 17:55:20 Jeffrey Goldberg wrote:

> The obvious answer would be to run two instances of bind, listening
> on different IPs (possibly using jails).  But I don't have an IP
> address to spare on the DMZ.  So is there a way to have bind
> listening on the only interface and IP address the host can have give
> different answers depending on where the query comes from?

http://www.isc.org/sw/bind/arm95/Bv9ARM.ch04.html#id2570613
-- 
Mel


Re: Different DNS responses depending on query source

2007-10-11 Thread Yuri Pankov

Jeffrey Goldberg wrote:
> The host that runs my internal DNS server is down for the count (I've
> already replaced the power supply on it once, and I don't feel like
> doing it again).  Although I had other uses planned for that machine,
> the only useful thing it was doing was DNS for a local net and DHCP, the
> latter I've moved to my firewall box (running m0n0wall).
>
> So, until I build a replacement machine, I'd like to run the DNS service
> on 6.2-RELENG machine on my DMZ.  However I have a conflict between
> providing IPs for the outside world to see, eg
>
>    n114.ewd.goldmark.org    172.64.118.114
>
> versus what I want when querying from the local network, eg,
>
>    n114.ewd.goldmark.org    10.1.10.131
>
> Also there are some internal names (eg, fluffy.ewd.goldmark.org) which
> shouldn't be advertised to the outside world at all.
>
> The obvious answer would be to run two instances of bind, listening on
> different IPs (possibly using jails).  But I don't have an IP address to
> spare on the DMZ.  So is there a way to have bind listening on the only
> interface and IP address the host can have give different answers
> depending on where the query comes from?
>
> Cheers,
>
> -j

You can use BIND's view statement:
http://www.isc.org/sw/bind/arm94/Bv9ARM.ch06.html#view_statement_grammar


HTH,
Yuri


RE: Different DNS responses depending on query source

2007-10-11 Thread Michael K. Smith - Adhost
Hello Jeff:

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:owner-freebsd-
> [EMAIL PROTECTED] On Behalf Of Jeffrey Goldberg
> Sent: Thursday, October 11, 2007 8:55 AM
> To: freebsd-questions@freebsd.org
> Subject: Different DNS responses depending on query source
>
> The host that runs my internal DNS server is down for the count (I've
> already replaced the power supply on it once, and I don't feel like
> doing it again).  Although I had other uses planned for that machine,
> the only useful thing it was doing was DNS for a local net and DHCP,
> the latter I've moved to my firewall box (running m0n0wall).
>
> So, until I build a replacement machine, I'd like to run the DNS
> service on 6.2-RELENG machine on my DMZ.  However I have a conflict
> between providing IPs for the outside world to see, eg
>
> n114.ewd.goldmark.org 172.64.118.114
>
> versus what I want when querying from the local network, eg,
>
> n114.ewd.goldmark.org 10.1.10.131
>
> Also there are some internal names (eg, fluffy.ewd.goldmark.org)
> which shouldn't be advertised to the outside world at all.
>
> The obvious answer would be to run two instances of bind, listening
> on different IPs (possibly using jails).  But I don't have an IP
> address to spare on the DMZ.  So is there a way to have bind
> listening on the only interface and IP address the host can have give
> different answers depending on where the query comes from?
>
> Cheers,
>
> -j
>
> --
> Jeffrey Goldberg    http://www.goldmark.org/jeff/

I think what you're looking for is Bind Views.  Check out:

http://www.isc.org/sw/bind/arm93/Bv9ARM.ch06.html#id2562349

Regards,

Mike


Re: Different DNS responses depending on query source

2007-10-11 Thread Jeffrey Goldberg

On Oct 11, 2007, at 11:10 AM, Yuri Pankov wrote:

> Jeffrey Goldberg wrote:
>
>> So is there a way to have bind listening on the only interface and
>> IP address the host can have give different answers depending on
>> where the query comes from?
>
> You can use BIND's view statement:
> http://www.isc.org/sw/bind/arm94/Bv9ARM.ch06.html#view_statement_grammar


Thank you and others who have pointed out that the view statement in  
BIND 9 does exactly what I want.  I (obviously) hadn't been aware of  
the view statement until now.


I'd also like to thank Jonathan Horne who off-list pointed me to a  
detailed article with examples he wrote that covers precisely my case.


-j


--
Jeffrey Goldberg    http://www.goldmark.org/jeff/

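
The view setup the replies point to, sketched as an added example (it is not from the thread, nor from the article mentioned in the last message). The LAN prefix 10.1.10.0/24, the directory and file paths, and fluffy's address are assumptions; the two n114 addresses are the ones given in the original question.

```conf
// named.conf fragment (BIND 9). Views are tried in order; the first
// view whose match-clients matches the query source answers it.
// Assumed: LAN prefix 10.1.10.0/24, directory and zone file paths.
acl "lan" { 127.0.0.1; 10.1.10.0/24; };

options {
    directory "/etc/namedb";
    allow-transfer { none; };       // no zone transfers unless granted per zone
};

// Once any view is defined, every zone must be declared inside a view.
view "internal" {
    match-clients { "lan"; };
    recursion yes;                  // LAN clients may resolve outside names
    zone "ewd.goldmark.org" {
        type master;
        file "master/ewd.goldmark.org.internal";
        // Records in this file (plus the usual SOA and NS):
        //   n114    IN A 10.1.10.131
        //   fluffy  IN A 10.1.10.50     (constructed address)
    };
};

view "external" {
    match-clients { any; };         // every source not matched above
    recursion no;                   // authoritative only, not an open resolver
    zone "ewd.goldmark.org" {
        type master;
        file "master/ewd.goldmark.org.external";
        // Records in this file (plus the usual SOA and NS):
        //   n114    IN A 172.64.118.114
        // fluffy has no record here, so outside queries get NXDOMAIN.
    };
};
```

match-clients is evaluated against the source address named actually sees, so LAN queries that are NATed on their way to the DMZ would land in the external view. Querying n114.ewd.goldmark.org with dig from each side confirms which view answered.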