- <li><em>date</em>: Thu Nov 18 15:09:32 2004</li>
- <li><em>from</em>: kaboom at gatech.edu (Chris Ricker)</li>
- <li><em>in-reply-to</em>: <<a href="msg00816.html">[email protected]</a>></li>
- <li><em>references</em>: <<a href="msg00816.html">[email protected]</a>></li>
- <li><em>subject</em>: [ale] DNS Questions</li>
> Also, I seem to remember reading in one of the tldp.org
> how-to's on dns - they mention split dns and how to
> configure.
>
> <a rel="nofollow" href="http://www.etherboy.com/dns/chrootdns.html">http://www.etherboy.com/dns/chrootdns.html</a>
> <a rel="nofollow" href="http://tldp.org/HOWTO/DNS-HOWTO-10.html">http://tldp.org/HOWTO/DNS-HOWTO-10.html</a> - bottom of the
> page, is where I found the link.
It's actually really easy to do split DNS. A simple example is something
like:

view "internal" {
        // here I'm assuming you already have an ACL defined
        // called "internal-addresses"
        match-clients { internal-addresses; };
        // now add your zones, like:
        zone "localhost" IN {
                type master;
                file "internal/localhost.zone";
        };
};

view "external" {
        // here I'm assuming you already have an ACL defined
        match-clients { any; };
        // now add your zones, like:
        zone "example.com" IN {
                type master;
                file "external/example.com.zone";
        };
};

The basic logic is that you define an ACL to match your inside hosts. Then,
anything that matches that ACL gets served from the "internal" view.
Everyone, regardless of IP, gets served from the "external" view. With that
scenario, you'd put your public info in the external view, and your
internal-only in the internal view.
You can, of course, get more sophisticated and use non-wild-card ACLs to
create multiple different views. You can also do things like have
multiple views providing different records for the same zone:

view "internal" {
        match-clients { some-acl; };
        ...
        zone "example.com" IN {
                type master;
                file "internal/example.com.zone";
        };
};

view "external" {
        match-clients { other-acl; };
        ...
        zone "example.com" IN {
                type master;
                file "external/example.com.zone";
        };
};

Then, the contents of /var/named/internal/example.com.zone will be used when
internal hosts query, and the contents of
/var/named/external/example.com.zone will be used when external hosts
query....
later,
chris
</pre>
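Added example, not part of the original message and not BIND code: a small Python model of how named chooses a view (the first view, in file order, whose match-clients matches the client), with a check for views that an earlier catch-all makes unreachable. The ACL contents, the function names and the sample configuration are assumptions; the parser handles only the simple layout used in the message (no negation, keys or nested ACLs).

```python
import ipaddress
import re

# Constructed sample in the shape of the message's configuration. The ACL body
# is an assumption: the message only names "internal-addresses".
NAMED_CONF = '''
acl "internal-addresses" { 10.0.0.0/8; 192.168.0.0/16; };
view "internal" {
    // internal-only data lives here
    match-clients { internal-addresses; };
    zone "example.com" IN { type master; file "internal/example.com.zone"; };
};
view "external" {
    match-clients { any; };
    zone "example.com" IN { type master; file "external/example.com.zone"; };
};
'''

ANY = [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]

def parse_views(conf):
    """Return [(view_name, [networks])] in file order, resolving named ACLs."""
    conf = re.sub(r'//[^\n]*', '', conf)          # drop // comments
    acls = {"any": ANY}                           # "any" is built in
    for name, body in re.findall(r'acl\s+"([^"]+)"\s*\{([^}]*)\}', conf):
        acls[name] = [ipaddress.ip_network(e.strip()) for e in body.split(";") if e.strip()]
    views = []
    for name, body in re.findall(r'view\s+"([^"]+)"\s*\{\s*match-clients\s*\{([^}]*)\}', conf):
        nets = []
        for elem in (e.strip() for e in body.split(";")):
            if elem:
                nets += acls[elem] if elem in acls else [ipaddress.ip_network(elem)]
        views.append((name, nets))
    return views

def select_view(views, client):
    """Name of the first view whose match-clients covers the client, else None."""
    addr = ipaddress.ip_address(client)
    for name, nets in views:
        if any(addr in n for n in nets):          # v4/v6 mismatch is simply False
            return name
    return None

def shadowed(views):
    """Views that can never be selected because an earlier view matches "any"."""
    return [name for i, (name, _) in enumerate(views)
            if any(set(ANY) <= set(nets) for _, nets in views[:i])]
```

Running `shadowed()` on a configuration with the two views swapped reports "internal" as unreachable, which is the ordering mistake that would serve every client, inside or outside, from the external view.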
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00816" href="msg00816.html">[ale] DNS Questions</a></strong>
<ul><li><em>From:</em> kevinostoll at yahoo.com (Kevin O'Neill Stoll)</li></ul></li>
</ul></li></ul>
</body>
</html>