filtering results to subnets
Barry Margolin
barmar at alum.mit.edu
Sat Jul 19 03:05:42 UTC 2008
In article <g5rjuf$1a1u$1 at sf1.isc.org>,
Jerome Haltom <wasabi at larvalstage.net> wrote:
> I have a desire to filter A records returned to clients that are outside
> of certain subnets. Basically my zone has a lot of private addresses in
> it. I'm cool with this.
>
> I'd like those private addresses to only be sent to other private
> addresses. Any non-private address should not receive them.
>
> I know views is an option for this. The problem there is I actually have
> to maintain two zones. This is actually a slave zone from an Active
> Directory server, where host records come and go all the time,
> automatically, and which I'm not going to manipulate into a view by
> hand. I also don't mind AXFRs and IXFRs returning the private
> addresses.
>
> If such a feature does not exist, does anybody have any opinions about
> the potential to add such a feature? I'd envision a syntax like
> sortlist:
>
> filter
> {
>     {
>         0/0;
>         {
>             !192.168.0.0/16;
>         };
>     };
>     {
>         192.168.0.0/16;
>         {
>             192.168.0.0/16;
>         };
>     };
> };
>
> Or something.
How would a syntax like this deal with anything other than A records?
For instance, how would it know to filter out MX records?
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
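
The question raised in the reply can be seen in a small model. This is an added example, not code from BIND or from either poster: the `FILTER` layout, the first-match semantics, the function names and the sample records are all assumptions made for illustration.

```python
import ipaddress

# Assumed reading of the proposed "filter" statement: (client network,
# address match list) pairs. The first matching client rule wins and "!"
# negates an element. The private rule is listed first so 0/0 cannot shadow it.
FILTER = [
    ("192.168.0.0/16", ["0.0.0.0/0"]),
    ("0.0.0.0/0", ["!192.168.0.0/16", "0.0.0.0/0"]),
]

# Constructed sample answer data: (owner name, type, rdata).
RRS = [
    ("corp.example.", "MX", "10 mail.corp.example."),
    ("mail.corp.example.", "A", "192.168.10.25"),
    ("www.corp.example.", "A", "203.0.113.80"),
]

def acl_allows(addr, acl):
    """First-match evaluation of an address match list."""
    ip = ipaddress.ip_address(addr)
    for element in acl:
        if ip in ipaddress.ip_network(element.lstrip("!")):
            return not element.startswith("!")
    return False

def filter_rrs(client, rrs):
    """Drop A records whose address the client's rule does not allow."""
    ip = ipaddress.ip_address(client)
    acl = next((a for net, a in FILTER if ip in ipaddress.ip_network(net)), [])
    # Only A rdata is an address; every other type passes through untouched.
    return [r for r in rrs if r[1] != "A" or acl_allows(r[2], acl)]

def dangling(client, rrs):
    """Surviving records whose target name lost all of its A records."""
    kept = filter_rrs(client, rrs)
    had_a = {name for name, rtype, _ in rrs if rtype == "A"}
    has_a = {name for name, rtype, _ in kept if rtype == "A"}
    return [r for r in kept
            if r[1] in ("MX", "CNAME", "NS", "SRV")
            and r[2].split()[-1] in had_a - has_a]

if __name__ == "__main__":
    for client in ("192.168.1.5", "198.51.100.7"):
        print(client, filter_rrs(client, RRS), dangling(client, RRS))
```

For the outside client the private A record is removed, but the MX record still names the internal host, because an address-based rule has nothing to match in MX rdata.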