rfc1918 ns records coming from internet are queried?
David Sparks
dave at ca.sophos.com
Thu Nov 27 19:29:07 UTC 2008
Thanks, the suggestion below looks like it might be what I'm looking for.
ds
> You can in fact set up the environment I described using views. Just
> have the private view forward to the internet view. The following
> resolving name server will ignore referrals to private name servers
> for outside names; note that it's missing the masters list definition
> named "private-auth-servers", plus the options statement, but is
> otherwise complete.
>
> acl "private" {
> 10/8;
> 172.16/12;
> 192.168/16;
> # does not include 127/8
> };
> view "private" {
> match-clients { private; };
> # forward unknown names to the internet view:
> forward only;
> forwarders { 127.0.0.1; };
> # stub, slave, or forward zones for the private namespace:
> zone "private.zone" {
> type stub;
> masters { private-auth-servers; };
> file "stub.private.zone";
> forwarders { }; # disable forwarding for stub zones
> };
> };
> view "internet" {
> server 10/8 { bogus yes; };
> server 172.16/12 { bogus yes; };
> server 192.168/16 { bogus yes; };
> allow-query { 127.0.0.1; };
> };
More information about the bind-users
mailing list