rfc1918 ns records coming from internet are queried?

David Sparks dave at ca.sophos.com
Thu Nov 27 19:29:07 UTC 2008


Thanks, the suggestion below looks like it might be what I'm looking for.

ds

> You can in fact set up the environment I described using views. Just
> have the private view forward to the internet view. The following
> resolving name server will ignore referrals to private name servers
> for outside names; note that it's missing the masters list definition
> named "private-auth-servers", plus the options statement, but is
> otherwise complete.
> 
> acl "private" {
>         10/8;
>         172.16/12;
>         192.168/16;
>         # does not include 127/8
> };
> view "private" {
>         match-clients { private; };
>         # forward unknown names to the internet view:
>         forward only;
>         forwarders { 127.0.0.1; };
>         # stub, slave, or forward zones for the private namespace:
>         zone "private.zone" {
>                 type stub;
>                 masters { private-auth-servers; };
>                 file "stub.private.zone";
>                 forwarders { }; # disable forwarding for stub zones
>         };
> };
> view "internet" {
>         server 10/8 { bogus yes; };
>         server 172.16/12 { bogus yes; };
>         server 192.168/16 { bogus yes; };
>         allow-query { 127.0.0.1; };
> };



More information about the bind-users mailing list