splitting access to DNS zone

Lincoln Yeoh lyeoh at pop.jaring.nospam.my
Tue Mar 28 15:47:13 UTC 2000


On 27 Mar 2000 15:36:14 -0800, "Dmitri Toubelis" <dtoubelis at home.com>
wrote:

>Hi, Everyone,
>
>I've got one zone for Internet and intranet usage and I would like to
>restrict access to the intranet part of the records to intranet users only. Can I do
>this with bind-8.2.2?

Yep. I'm doing it right now. I'm running two nameds on a single machine (in
chrooted environments for a bit better security).

You can put them on separate servers, but I only had one :(.

The intranet named uses the Internet named as forwarder.

Internet named
    External access-
        Only serves external version of mydomain.com (nonrecursively).
        Only serves my IP range (nonrecursively).
    Intranet named access-
        Allows recursive queries for anything.

Intranet named
        serves internal version of mydomain.com
        allows recursive queries for anything.

OK, in theory you don't need the intranet named and just rely on ACLs to
control stuff. However, I'm hoping that in the event the external named gets
cracked, the internal named and other stuff won't be as easily affected.
Nothing in the chroot environment is owned by the named user. 

Cheerio,

Link.
****************************
Reply to:     @Spam to
lyeoh at      @people at uu.net
pop.jaring.my @ 
*******************************
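
A named.conf sketch of the two-instance layout described in the message above, added here as an example; it is not the poster's configuration. All addresses, file paths, ACL names and the reverse zone are constructed placeholders, and reading "my IP range" as a reverse zone is an assumption.

```conf
// ---- external ("Internet") named: ext/named.conf (hypothetical path) ----
acl "intranet-named" { 10.0.0.53; };      // constructed: source address of the internal instance

options {
    directory "/var/named/ext";           // hypothetical, relative to this instance's chroot
    listen-on { 192.0.2.53; };            // constructed public address
    allow-query { "intranet-named"; };    // default: only the internal named may ask for anything
    allow-recursion { "intranet-named"; };// outsiders never get recursion
};

zone "." { type hint; file "named.root"; };  // root hints, needed because this instance recurses

zone "mydomain.com" {
    type master;
    file "mydomain.com.external.db";      // external version of the zone
    allow-query { any; };                 // authoritative answers for everyone
};

zone "2.0.192.in-addr.arpa" {             // assumed meaning of "my IP range"
    type master;
    file "192.0.2.rev";
    allow-query { any; };
};

// ---- internal ("intranet") named: int/named.conf (hypothetical path) ----
acl "intranet" { 10.0.0.0/8; };           // constructed intranet range

options {
    directory "/var/named/int";           // separate chroot from the external instance
    listen-on { 10.0.0.53; };             // constructed internal address
    query-source address 10.0.0.53;       // so the external ACL matches on a shared host
    forwarders { 192.0.2.53; };           // the external named is the forwarder
    forward only;
    allow-query { "intranet"; };          // assumption: only intranet clients are served
    recursion yes;
};

zone "mydomain.com" {
    type master;
    file "mydomain.com.internal.db";      // internal version, never loaded by the external named
};
```

The internal zone file exists only inside the internal instance's chroot, so a compromise of the external named does not by itself expose the intranet records.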


