What does 'match-destinations' match?
Jim Reid
jim at rfc1035.com
Thu Sep 30 17:44:11 UTC 2004
>>>>> "Benjamin" == Walkenhorst, Benjamin <Benjamin.Walkenhorst at telekom.de> writes:
Benjamin> Hello everyone, I see that you can define a view not
Benjamin> only by the clients that get to see it, but also by
Benjamin> setting 'match-destinations', which takes an address
Benjamin> match list. But what does it refer to? The address of
Benjamin> the nameserver or the destination of the query?
Aren't these the same thing? Isn't the destination of a DNS query the
IP address of some name server?
When a view is differentiated using a match-destinations{} ACL, it's
the destination address of the query that gets used for selection.
Typically, this would be used on a multi-homed name server, perhaps
one that runs on a bastion host at the edge of the network. ie One
interface is connected to the internet and another connects to the
internal net.
This is just another way of distinguishing clients. Instead of using
the address(es) they send their queries from, it uses the address(s)
they send them to.
More information about the bind-users
mailing list