Hi all,

Having a problem setting up split DNS for the purpose of separating internal, recursive, caching responses vs external, non-caching, non-recursive responses. First off, can views be used to do this?
If yes, here are the relevant (I hope) portions of named.conf, which I've set up based on http://www.cymru.com/Documents/secure-bind-template.html:

acl trusted {
    8.8.8.0/24;
};

..snip..

view internal-in in {
    match clients { trusted };
    recursion yes;
    additional-from-auth yes;
    additional-from-cache yes;

    zone "." in {
        // Link in the root server hint file.
        type hint;
        file "db.cache";
    };

    zone "ournetwork.com" in {
        // Our internal A RR zone. There may be several of these.
        type master;
        file "ournetwork.com.db";
    };

    zone "8.8.8.in-addr.arpa" in {
        // Our internal PTR RR zone. Again, there may be several of these.
        type master;
        file "8.8.8.in-addr.arpa.db";
    };
};

view external-in in {
    match-clients { any; };
    recursion no;
    additional-from-auth no;
    additional-from-cache no;

    zone "8.8.8.in-addr.arpa" in {
        // Our internal PTR RR zone. Again, there may be several of these.
        type master;
        file "8.8.8.in-addr.arpa.db";
        allow-query { any; };
    };

    zone "ournetwork.com" in {
        // Our internal A RR zone. There may be several of these.
        type master;
        file "ournetwork.com.db";
        allow-query { any; };
    };

    zone "." in {
        // Link in the root server hint file.
        type hint;
        file "db.cache";
    };
};

The result is that all requests outside the trusted IP range are being REFUSED. Not sure why that is, though; anyone?

Thanks a bunch!
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
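
Added example, not part of the original post and not BIND code: a small Python model of how named chooses a view (the first view, in file order, whose match-clients ACL contains the client) and what kind of answer that view can then give. The client addresses 8.8.8.10 and 192.0.2.53, the query names, and all function names are constructed for illustration.

```python
import ipaddress

# Constructed model of the ACL and views in the post; list order = file order.
ACLS = {"trusted": ["8.8.8.0/24"], "any": ["0.0.0.0/0", "::/0"]}
VIEWS = [
    {"name": "internal-in", "match": "trusted", "recursion": True,
     "zones": ["ournetwork.com", "8.8.8.in-addr.arpa"]},
    {"name": "external-in", "match": "any", "recursion": False,
     "zones": ["ournetwork.com", "8.8.8.in-addr.arpa"]},
]

def in_acl(client, acl):
    """True if the client address falls inside any network of the named ACL."""
    addr = ipaddress.ip_address(client)
    nets = (ipaddress.ip_network(n) for n in ACLS[acl])
    return any(addr.version == n.version and addr in n for n in nets)

def select_view(client, views=VIEWS):
    """First match wins: later views are never consulted for this client."""
    for view in views:
        if in_acl(client, view["match"]):
            return view
    return None

def in_zone(qname, zone):
    """True if qname is the zone apex or a name below it."""
    q = qname.rstrip(".").lower()
    return q == zone or q.endswith("." + zone)

def disposition(client, qname, views=VIEWS):
    """Return (view name, kind of answer the view can give for qname)."""
    view = select_view(client, views)
    if view is None:
        return (None, "no-view")
    if any(in_zone(qname, z) for z in view["zones"]):
        return (view["name"], "authoritative")
    # Outside the view's own zones, only a recursive view will resolve the name.
    return (view["name"], "recursive" if view["recursion"] else "not-resolved")

if __name__ == "__main__":
    for client, qname in [("8.8.8.10", "www.example.org"),
                          ("192.0.2.53", "www.ournetwork.com."),
                          ("192.0.2.53", "www.example.org")]:
        print(client, qname, disposition(client, qname))
```

Passing the views in reverse order to `select_view` shows why the catch-all `any` view has to come last: listed first, it captures trusted clients too.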