[47109] in North American Network Operators' Group
Re: Selective DNS replies
daemon@ATHENA.MIT.EDU (Eric A. Hall)
Thu Apr 25 15:25:11 2002
Message-ID: <3CC856D5.E6D1936E@ehsco.com>
Date: Thu, 25 Apr 2002 14:19:49 -0500
From: "Eric A. Hall" <ehall@ehsco.com>
MIME-Version: 1.0
Cc: nanog@merit.edu
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
Clayton Fiske wrote:
> If you're referring to clients overlapping, such as:
>
> 192.168.0.0/16 sees internal for domain1, external for domain2
> 10.0.0.0/8 sees external for domain1, external for domain2
> 172.16.0.0/12 sees external for domain1, internal for domain2
>
> Then I think you'll have to define a view for each combination, and
> include whichever zonefiles are appropriate for that view.
I use a 'match-clients any' statement in the last view. Everything falls
into there after the other views are matched. EG:
view "public" {
match-clients {
any;
};
zone...
};
Internal and external have their own views of sensitive zones, but they
share the root cache and other public zones.
--
Eric A. Hall http://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
