What does 'match-destinations' match?

Jim Reid jim at rfc1035.com
Thu Sep 30 17:44:11 UTC 2004


>>>>> "Benjamin" == Walkenhorst, Benjamin <Benjamin.Walkenhorst at telekom.de> writes:

    Benjamin> Hello everyone, I see that you can define a view not
    Benjamin> only by the clients that get to see it, but also by
    Benjamin> setting 'match-destinations', which takes an address
    Benjamin> match list.  But what does it refer to?  The address of
    Benjamin> the nameserver or the destination of the query? 

Aren't these the same thing? Isn't the destination of a DNS query the
IP address of some name server?

When a view is differentiated using a match-destinations{} ACL, it's
the destination address of the query that gets used for selection. 
Typically, this would be used on a multi-homed name server, perhaps
one that runs on a bastion host at the edge of the network. ie One
interface is connected to the internet and another connects to the
internal net.

This is just another way of distinguishing clients. Instead of using
the address(es) they send their queries from, it uses the address(s) 
they send them to.


More information about the bind-users mailing list