Different DNS replies depending on IP block

Kevin Darcy kcd at chrysler.com
Fri Aug 22 21:34:04 UTC 2008


KurtKraut wrote:
> I own a service that has mirrors all around the world. I'd like to
> Bind to respond a DNS request of my A ADDRESSes differently, depending
> on the IP block that made the request
>
> For instance, from a computer from an ISP provider would have this:
>
> [root at computer1 etc]# host bbs.archlinux.org
> bbs.archlinux.org is an alias for archlinux.org.
> archlinux.org has address 66.211.213.17
>
> And another person from another ISP would have:
>
> [root at ktk7 etc]# host bbs.archlinux.org
> bbs.archlinux.org is an alias for archlinux.org.
> archlinux.org has address 208.69.32.230
>
> In #bind over irc.freenode.net, some folks recommended me the 'view'
> directive. So, I put in my named.conf:
>
> view "brazil" {
>       match-clients { 201.17.105.0/24; };
>       zone "brlink.org" {
>             type master;
>             file "/etc/bind/db.brlink.br";
>       };
> };
>
> view "international" {
>       match-clients { any; };
>       zone "brlink.org" {
>            type master;
>            file "/etc/bind/db.brlink.int";
>       };
> };
>
>
> I've used 201.17.105.0/24 only for testing porpuse because I own a
> server inside this block.
>
> The results I'm getting are this: if in the named.conf the 'view
> brazil' is the first directive, all DNS requests, no matter where they
> came from, will be replied with db.brlink.br. If 'view international'
> is the first directive to be read in named.conf, any IP address will
> receive it's contents. What am I missing ? How should I proceed ?
>
>   
Views work as advertised, we have a plethora of them in our BGN (Border 
Gateway Network) environment.

Are you sure you restarted your nameservers after each change to your 
named.conf?

With modern versions of BIND you get the name of the view on each query 
log entry. You could use that to confirm which view the queries are 
getting matched by.

                                                                         
                        - Kevin



More information about the bind-users mailing list