ACL per listening IP address?

Evan Hunt each at isc.org
Thu Sep 27 16:47:21 UTC 2012


> I'm not very familiar with the concept of views but I wonder if the 
> "match-client" statement might be the way to go.

It sounds like the one you're interested in is "match-destinations"
actually.

    options {
        listen-on port 53 { 128.83.185.40; 128.83.185.41; <NATIVE IP>; };
        ...
    };

    view monitor {
        match-destinations { <NATIVE IP>; };
        recursion no;
        allow-query { localhost; };
        zone "testzone" {
            type master;
            file "test.db";
        };
    };

    view others {
        match-destinations { any; };
        recursion yes;
        allow-recursion { ... };
        ...
    };

Any queries sent to <NATIVE IP> would then be routed into the "monitor"
view, and any queries sent to the public-facing addresses would go to
the "others" view.

-- 
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
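
An added example, not part of the original post or of BIND itself: a small Python model of how named selects a view by destination address for the configuration above, including the effect of view order. The address 192.0.2.10 is a constructed stand-in for <NATIVE IP>, the elided part of the "others" view is assumed to leave allow-query at its default of any, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-in for the <NATIVE IP> placeholder (TEST-NET-1 address).
NATIVE_IP = "192.0.2.10"
# BIND's built-in "localhost" ACL covers every address on the server itself.
LOCALHOST = ["127.0.0.1", "128.83.185.40", "128.83.185.41", NATIVE_IP]

# Views in named.conf order: (name, match-destinations, allow-query).
# match-clients is unset in both views, so it defaults to any and is not modelled.
# Assumption: the elided part of "others" leaves allow-query at its default, any.
VIEWS = [
    ("monitor", [NATIVE_IP], LOCALHOST),
    ("others", ["any"], ["any"]),
]


def acl_matches(addr, acl):
    """True if addr matches any element of an address-match list."""
    ip = ipaddress.ip_address(addr)
    return any(e == "any" or ip in ipaddress.ip_network(e, strict=False) for e in acl)


def select_view(dst, views=VIEWS):
    """Views are tried in configuration order; the first match wins."""
    for name, match_destinations, _allow_query in views:
        if acl_matches(dst, match_destinations):
            return name
    return None


def handle_query(src, dst, views=VIEWS):
    """Return (view, outcome) for a query from src to dst (allow-query check only)."""
    view = select_view(dst, views)
    if view is None:
        return (None, "REFUSED")  # named refuses queries that match no view
    allow_query = next(aq for name, _md, aq in views if name == view)
    return (view, "ALLOWED" if acl_matches(src, allow_query) else "REFUSED")


if __name__ == "__main__":
    for src, dst in [("127.0.0.1", NATIVE_IP), ("203.0.113.7", NATIVE_IP),
                     ("203.0.113.7", "128.83.185.40")]:
        print(src, "->", dst, handle_query(src, dst))
    # Order matters: with "others" first, its "any" shadows the monitor view.
    print("reversed:", select_view(NATIVE_IP, list(reversed(VIEWS))))
```

On a live server the same routing can be confirmed by querying each listening address in turn with dig @address and checking which view answers.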


