Set up a recursive servers to provide different data
liumingxing at cnnic.cn
Wed Jun 10 14:00:53 UTC 2015
The way you gave is that two views are configured and provided in the auth servers. Maybe the view func of bind is a right method to the problem.
I wonder whether this is done in the recursor. There are two ways. First, internal views are configured to the recusor. When the local users are coming, if the quering domain name is the auth one configured to point to the address of internal DNS application servers, the recursor can immediately answers them with the configured view data, otherwise query recursively to outside auth servers for the domain. Second, more than two auth servers are setup. Some have interval data where domain names are pointed to internal servers with private addresses, others are outside servers with public addresses. When internal queries are coming, they are redirected by the targeted recursors to the former, otherwise to the latter.
> 发件人: "Karl Auer" <kauer at biplane.com.au>
> 发送时间: 2015-06-10 18:11:13 (星期三)
> 收件人: bind-users at lists.isc.org
> 主题: Re: Set up a recursive servers to provide different data
> On Wed, 2015-06-10 at 17:17 +0800, liumingxing wrote:
> > We have a domain name example.com while now we have application
> > servers that are located in in the localnet with private addresses and
> > ones in the external internet. We want to setup a recursive in local
> > networks that can provide recursive service and auth service that
> > internal users are redirected to the internal servers and the external
> > users are guided to outside servers.
> Set up one or more authoritative servers that provide two views - an
> internal and an external view.
> Then set up your recursive servers anywhere you like. A recursive
> servers you put in the space served by the internal view will get
> internally valid responses from your authoritative servers. A recursive
> server you place outside the space served by the internal view will get
> externally valid responses from your authoritative servers, as will any
> other queriers from outside your internal spaces. Queries that don't
> involve your domain(s) will go to the wider Internet.
> Aside from setting up the appropriate views and siting the authoritative
> servers appropriately, you don't need any special configuration for all
> this to happen. You don't have to configure the recursive servers in any
> way specially either, except to make sure they accept queries only from
> your own networks.
> Don't set up one server as both a recursive and an authoritative server,
> though. Bad idea.
> Regards, K.
> Karl Auer (kauer at biplane.com.au)
> GPG fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
> Old fingerprint: EC67 61E2 C2F6 EB55 884B E129 072B 0AF0 72AA 9882
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> bind-users mailing list
> bind-users at lists.isc.org
More information about the bind-users