ACL per listening IP address ?
Evan Hunt
each at isc.org
Thu Sep 27 16:47:21 UTC 2012
> I'm not very familiar with the concept of views but I wonder if the
> "match-client" statement might be the way to go.
It sounds like the one you're interested in is "match-destinations"
actually.
options {
listen-on port 53 { 128.83.185.40; 128.83.185.41; <NATIVE IP>; };
...
};
view monitor {
match-destinations { <NATIVE IP>; };
recursion no;
allow-query { localhost; };
zone "testzone" {
type master;
file "test.db";
};
};
view others {
match-destinations { any; };
recursion yes;
allow-recursion { ... };
...
};
Any queries sent to <NATIVE IP> would then be routed into the "monitor"
view, and any queries sent to the public-facing addresses would go to
the "others" view.
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-users
mailing list