Sharing addresses

Kevin Darcy kcd at
Thu Mar 22 02:00:55 UTC 2007

F GV wrote:
> Thanks in advance for answering.
> What options do i have, if i have to show part of my ip addresses (services) to 32 servers, all of them with their own Internet providers only with firewall permissions to access my services:
> 1. Configure views?
> 2. Configure one server only with that information i want to share them via slave servers?
> Maybe is an impossible question but i have to know.
> Thanks.
It's not quite clear what you're asking. Views would be appropriate if 
you wanted the same name to resolve differently for different clients, 
e.g. if you wanted to resolve to for one client, 
but resolve to for some other client. Those addresses could then 
be different physical interfaces on the same server, handled under 
different NAT rules, or perhaps be totally different servers on 
different networks (e.g. in some sort of content-distribution scheme).

If, on the other hand, you're trying to *restrict* access to parts of 
your network on a client-by-client basis, you can't really use DNS alone 
to do that. Anyone wishing unauthorized access could just use bare IP 
addresses instead of names, and that would most probably defeat any 
DNS-based access restriction scheme you put in place. It's the job of a 
firewall or a device similar to, or acting like a firewall, to enforce 
restrictions like that. Ultimately, DNS is a translation service -- 
typically, the translation is name-to-address or address-to-name -- not 
an enforcement mechanism.

                        - Kevin

More information about the bind-users mailing list