North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Selective DNS replies

  • From: Eric A. Hall
  • Date: Thu Apr 25 15:27:04 2002

Clayton Fiske wrote:

> If you're referring to clients overlapping, such as:
> 
> 192.168.0.0/16 sees internal for domain1, external for domain2
> 10.0.0.0/8     sees external for domain1, external for domain2
> 172.16.0.0/12  sees external for domain1, internal for domain2
> 
> Then I think you'll have to define a view for each combination, and
> include whichever zonefiles are appropriate for that view.

I use a 'match-clients any' statement in the last view. Everything falls
into there after the other views are matched. EG:

view "public" {

        match-clients {
                any;
        };

	zone...
};

Internal and external have their own views of sensitive zones, but they
share the root cache and other public zones.

-- 
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/