Sharing addresses
Kevin Darcy
kcd at daimlerchrysler.com
Thu Mar 22 02:00:55 UTC 2007
F GV wrote:
> Thanks in advance for answering.
> What options do i have, if i have to show part of my ip addresses (services) to 32 servers, all of them with their own Internet providers only with firewall permissions to access my services:
>
> 1. Configure views?
> 2. Configure one server only with that information i want to share them via slave servers?
>
> Maybe is an impossible question but i have to know.
> Thanks.
>
It's not quite clear what you're asking. Views would be appropriate if
you wanted the same name to resolve differently for different clients,
e.g. if you wanted www.example.com to resolve to 1.1.1.1 for one client,
but resolve to 2.2.2.2 for some other client. Those addresses could then
be different physical interfaces on the same server, handled under
different NAT rules, or perhaps be totally different servers on
different networks (e.g. in some sort of content-distribution scheme).
If, on the other hand, you're trying to *restrict* access to parts of
your network on a client-by-client basis, you can't really use DNS alone
to do that. Anyone wishing unauthorized access could just use bare IP
addresses instead of names, and that would most probably defeat any
DNS-based access restriction scheme you put in place. It's the job of a
firewall or a device similar to, or acting like a firewall, to enforce
restrictions like that. Ultimately, DNS is a translation service --
typically, the translation is name-to-address or address-to-name -- not
an enforcement mechanism.
- Kevin
More information about the bind-users
mailing list