server records & firewalls

James Raftery james-bind-users at now.ie
Wed Jan 10 16:57:52 UTC 2001


On Wed, Jan 10, 2001 at 01:23:47PM +0000, nahanab at my-deja.com wrote:
> Now, I want the DNS to, on the same query,
> answer with different server records depending on if the user is on the
> LAN or the WAN side of the firewall.
> 
> Can bind do this?

Yes; using one of two methods. The first involves using two nameserver
processes -- one on the internal interface and one on the external
interface. You configure them to load their zones from separate zone
data files and so can control what answers are given to internal and
external clients. This is usually called "split dns" and there's plenty
of docs on the web describing how to do it. Starting from
http://www.dns.net/dnsrd/ is a good bet.

The other option is to use BIND9, which has a "views" feature. This
allows BIND9 to answer from different zone data files depending on the
source IP address of the query. Only one nameserver process is needed.
The BIND9 ARM (in doc/arm of the distribution) describes the views
mechanism in detail.

james
-- 
James Raftery (JBR54)
  "Managing 4000 customer domains with BIND has been a lot like
   herding cats." - Mike Batchelor, on dns at list.cr.yp.to.
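
Added example, not part of the original message: a minimal BIND9 `named.conf` sketch of the views mechanism described above, serving one zone from two different zone data files depending on the source address of the query. The address range, zone name, ACL name and file paths are constructed placeholders.

```conf
// Constructed LAN range; replace with the networks behind the firewall.
acl "lan-clients" {
    192.168.0.0/24;
    localhost;
};

options {
    directory "/var/named";
};

// Views are tested in order and the first match wins, so the
// narrower internal view must come before the catch-all one.
view "internal" {
    match-clients { "lan-clients"; };
    recursion yes;                      // LAN clients may resolve anything

    zone "example.com" {
        type master;
        file "internal/db.example.com"; // records with private addresses
    };
};

view "external" {
    match-clients { any; };
    recursion no;                       // authoritative answers only for outsiders

    zone "example.com" {
        type master;
        file "external/db.example.com"; // records with public addresses
    };
};
```

Once any `view` statement is present, every `zone` statement has to sit inside a view. `named-checkconf` will flag a zone left at the top level.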


