Defining custom root zone by subnet.

Kevin Darcy kcd at chrysler.com
Tue Jul 13 21:56:36 UTC 2010


That should work fine, as long as
a) this view definition appears in named.conf before any more general 
view (since views are matched in order),
b) the "zone1" ACL is defined to include all of the address ranges that 
should get the "private" root zone, and
c) "db.lockdown" contains a root zone with only 1 A record -- a wildcard 
entry with the "private IP" as the RDATA -- and no delegations

Note that you don't need "recursion yes" if every query is going to be 
resolved directly from your "fake" root zone.

- Kevin

On 7/13/2010 6:33 AM, Nadir Aliyev wrote:
> Not helped...
>
>
> view "internal-in" in {
>     match-clients { zone1; };
>     recursion yes;
>     zone "." {
>         type master;
>         file "db.lockdown";
>     };
> };
>
>
>
> -----Original Message-----
> From: Nadir Aliyev [mailto:nadir at ultel.net]
> Sent: Tuesday, July 13, 2010 3:28 PM
> To: 'Larry Brower'
> Cc: 'bind-users at lists.isc.org'
> Subject: RE: Defining custom root zone by subnet.
>
> It's maybe silly just for you. But not for all.
>
> For example,
> I authorize users via RADIUS in 2 ways: without ACL and with guest ACL.
> So I give the same DNS servers to all users, but I give a public IP to the normal
> users and a private IP to the users with guest ACL, for the purpose of redirecting all
> DNS requests from users with guest ACL to the defined web server.
> That's all.
>
>
> Sorry for my English.
>
>
> -----Original Message-----
> From: Larry Brower [mailto:larry at maxqe.com]
> Sent: Tuesday, July 13, 2010 10:43 AM
> To: Nadir Aliyev
> Cc: bind-users at lists.isc.org
> Subject: Re: Defining custom root zone by subnet.
>
> Nadir Aliyev wrote:
>    
>> Hi friends,
>>
>>
>>
>> Is it possible in BIND to define a fake root zone by subnet? (in this case just
>> for zone1)
>>
>>
>>      
> Sounds like you need to use views. Why would you want to do this
> though? It is silly.
>
>    
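
A layout that satisfies conditions (a) to (c) from the reply at the top of this message, as an added example (not code from the thread or from ISC): a shell script that writes the view definitions and the `db.lockdown` zone file. The 10.99.0.0/16 guest range, the 10.0.0.80 web server address, the `ns.lockdown.` names, the "default" view and the `db.root` hint file are constructed placeholders.

```shell
#!/bin/sh
# Added example: writes a named.conf fragment and the "fake" root zone file.
# Constructed values: 10.99.0.0/16 (guest range), 10.0.0.80 (web server),
# ns.lockdown. / hostmaster.lockdown., the "default" view, db.root.

write_lockdown() {
    dir=$1
    mkdir -p "$dir" || return 1
    cat > "$dir/named.conf.views" <<'EOF'
// (b) every guest address range must be listed in this ACL
acl "zone1" { 10.99.0.0/16; };

// (a) views are matched in order, so the restricted view comes first
view "internal-in" in {
    match-clients { zone1; };
    recursion no;          // every answer comes from the local root zone
    zone "." {
        type master;
        file "db.lockdown";
    };
};

view "default" in {
    match-clients { any; };
    recursion yes;
    zone "." { type hint; file "db.root"; };
};
EOF
    cat > "$dir/db.lockdown" <<'EOF'
; (c) root zone: apex SOA and NS (a master zone will not load without them),
;     one wildcard A record, no delegations
$TTL 60
$ORIGIN .
@   IN SOA ns.lockdown. hostmaster.lockdown. ( 1 3600 900 604800 60 )
@   IN NS  ns.lockdown.
*   IN A   10.0.0.80
EOF
}

# Name of the first view statement in a config file, to confirm ordering
first_view() { grep -n '^view ' "$1" | head -n 1 | cut -d'"' -f2; }

out=$(mktemp -d)
write_lockdown "$out" && echo "first view: $(first_view "$out/named.conf.views")"
```

The generated files can be checked with `named-checkconf` and `named-checkzone` before they are included in a live configuration.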




