Restricting what a DNS server returns to a client

Alex Sharaz A.Sharaz at hull.ac.uk
Thu Nov 29 10:52:55 UTC 2007


Chaps,

Looking for a bit of advice / pointers to appropriate web pages

We are currently running a pilot 802.1x authenticated wired network in
one of our halls of residence. Basically if authentication works the
client system is placed in a VLAN that has a "less restrictive" set of
firewall rules associated with it. If authentication fails, the client
machine is placed in a seriously restricted VLAN that blocks all access
to the outside world and only allows access to certain http hosts on our
network.

One of the problems we've got is that there are a lot of systems out
there that have never seen a Windows update and we'd like to configure
things so that even if a user is on our restricted VLAN they can access
the Windows Update site. I can use our DHCP server to hand out a
different DNS server IP address to any system on the restricted network.

What I'd like to do then is either restrict or alter what the DNS server
returns to the client, e.g.:

1) Running Windows Update on the client machine will correctly return
IP addresses for the Microsoft update service and "just work"

2) Resolution of a number of local machines will "just work"

3) All other attempts to resolve a FQDN into an IP address return a
single local IP address associated with a particular web server on our
network.

Any suggestions as to how I might do this using BIND 9.4.1-P1, which is
what I'm currently running, would be appreciated.

Alex

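One way to get the three behaviours asked for above is a BIND view for the restricted VLAN that forwards the Windows Update and local domains to a real resolver and is otherwise authoritative for the root, with a wildcard in that root zone pointing at the portal web server. The configuration below is an added example, not the poster's own setup and not something from the BIND project; every address (10.99.0.0/16 as the restricted VLAN, 10.99.0.53 as the DNS server handed out by DHCP there, 10.99.0.80 as the portal web server, 192.0.2.53 as the normal campus resolver), the file paths, and the name campus.example are constructed placeholders, and the list of Microsoft domains is illustrative rather than complete.

```conf
// ---- /etc/named.conf (assumed path; added example, not the poster's config) ----
// Constructed addresses: 10.99.0.0/16 restricted VLAN, 10.99.0.53 this server,
// 10.99.0.80 portal web server, 192.0.2.53 the normal campus resolver.

acl "restricted-vlan" { 10.99.0.0/16; };

options {
    directory "/var/named";
    listen-on { any; };
    allow-query { any; };
};

view "restricted" {
    match-clients { restricted-vlan; };
    recursion yes;   // forward zones need recursion enabled in the view

    // 1) Windows Update: send these names to the real resolver so they answer
    //    normally. The list is illustrative; confirm which domains the update
    //    client actually contacts (dig, or a packet capture on a test host) and
    //    add each of them, since anything not listed hits the catch-all below.
    zone "windowsupdate.com"      { type forward; forward only; forwarders { 192.0.2.53; }; };
    zone "update.microsoft.com"   { type forward; forward only; forwarders { 192.0.2.53; }; };
    zone "download.microsoft.com" { type forward; forward only; forwarders { 192.0.2.53; }; };

    // 2) Local machines that must resolve normally: forward the campus zone too.
    zone "campus.example" { type forward; forward only; forwarders { 192.0.2.53; }; };

    // 3) Everything else: this view is authoritative for "." itself, and the
    //    zone file below answers every other name with the portal address.
    //    More specific zones (the forward zones above) always win over ".".
    zone "." {
        type master;
        file "catchall-root.db";
    };
};

// Clients not on the restricted VLAN get ordinary recursion. Once any view is
// defined, every zone, including the root hints, has to live inside a view.
view "normal" {
    match-clients { any; };
    recursion yes;
    zone "." { type hint; file "named.root"; };
};

; ---- /var/named/catchall-root.db (zone file syntax starts here) ----
; Short TTL so clients forget the portal answer quickly after moving VLAN.
$TTL 60
@        IN  SOA  portal. hostmaster.campus.example. (
                  2007112901 ; serial
                  3600       ; refresh
                  900        ; retry
                  604800     ; expire
                  60 )       ; negative-answer TTL
@        IN  NS   portal.
portal.  IN  A    10.99.0.80
; Every owner name in this file creates a node, and names below such a node
; are not covered by the wildcard, so keep the file to the minimum above.
*        IN  A    10.99.0.80   ; any other name resolves to the portal web server
```

To check it from a host on the restricted VLAN, `dig @10.99.0.53 www.windowsupdate.com` should return the real addresses and `dig @10.99.0.53 www.example.org` should return 10.99.0.80 only. Two things worth verifying rather than assuming: that `named-checkconf` accepts the file on your 9.4.1-P1 build, and that names in the forwarded domains which resolve through a CNAME into some other domain come back as a complete answer from the forwarder rather than being caught by the wildcard; if they do not, forward that target domain as well.
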
More information about the bind-users mailing list