I have a question regarding views, and the decisions that can be based on network scenario. I'm not entirely sure whether it's possible to provide resolution for the scenario I describe, but I thought I'd ask the question.
I have a new small environment of machines (Unix, mainly Linux) that need to be able to resolve hostnames (and potentially reverse lookups) purely within this firewalled small number of subnets. On the main LAN is a reasonably large DNS environment (mostly Windows 2003 DNS servers). Between the LAN and the environment I'm describing is a firewall, among other things performing NAT. In the new small setup, I'm going to be running one server running BIND (9.3.5-p2). Ideally, I'd like the namespace in this new environment to be a subdomain of the parent DNS server on my main LAN, and be delegated to the BIND server in the new environment. The new environment doesn't need to resolve any hosts in the main LAN, but DNS in the LAN needs to resolve to the available translated addresses from the new environment.

What I was envisaging doing was setting up views in the new environment, one being defined by the subnets in the new environment, notionally "local", and everything else being "alien". The problem for me is the way NAT is currently being implemented, and I don't yet know whether that's something that can be changed.

Say the subnets in the new environment are: 10.228.6.x, 10.228.7.x and 10.228.8.x (24 bit subnet mask). Currently, traffic from the main LAN will be seen (translated by NAT) as coming from singular IP addresses on each of these subnets, eg: on 10.228.6.x, LAN traffic seen as coming from 10.228.6.248; on 10.228.7.x, LAN traffic as 10.228.7.248; and on 10.228.8.x as 10.228.8.248. The last octet (for the translated incoming traffic) is common, ie 248 on each subnet.

Using views, is it possible to provide answers for "local" view data for a range of IP addresses on each subnet, and / or an external view for anything coming from a specific IP address on that subnet?
Or will that not be possible (or horrendously complex), and a more easily segmented implementation of NAT be required (ie say LAN traffic all appears to come from one, or a number of subnets: eg 10.228.88.x, 10.228.89.x and 10.228.90.x)? Thanks in advance for any advice or help.

_______________________________________________
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users
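The view layout the question asks about is possible with BIND's address match lists, because they are evaluated first-match and a negated element (`!`) that matches causes the list not to match. Below is an added `named.conf` example illustrating that; it is not the poster's configuration. The subnets and the three .248 NAT source addresses are taken from the question; the zone name `newenv.example.com`, the reverse zone and the file paths under `/var/named/` are assumed placeholders.

```conf
// Added example, not the poster's configuration.
// Subnets and .248 NAT addresses are from the question; the zone
// name and file paths are placeholders to be replaced.

// Source addresses the firewall substitutes for traffic from the main LAN.
acl "lan-via-nat" {
    10.228.6.248;
    10.228.7.248;
    10.228.8.248;
};

// First-match semantics: the negated entry must come BEFORE the
// subnet entries, otherwise 10.228.6.248 would match 10.228.6.0/24
// first and be treated as a local host.
acl "local-hosts" {
    !lan-via-nat;
    10.228.6.0/24;
    10.228.7.0/24;
    10.228.8.0/24;
};

// Hosts genuinely inside the new environment get internal addresses.
view "local" {
    match-clients { "local-hosts"; };
    zone "newenv.example.com" {
        type master;
        file "/var/named/newenv.example.com.local";   // internal A records
    };
    zone "6.228.10.in-addr.arpa" {
        type master;
        file "/var/named/10.228.6.rev";               // reverse data, local only
    };
};

// Everyone else, including the NAT-translated LAN queries, sees only
// the translated addresses. Recursion is disabled here so the server
// does not act as an open resolver for whatever reaches it from outside.
view "alien" {
    match-clients { any; };
    recursion no;
    zone "newenv.example.com" {
        type master;
        file "/var/named/newenv.example.com.alien";   // translated A records
    };
};
```

Each view needs its own copy of the zone (the two `file` entries above), since a zone defined in one view is not visible in another. Before reloading, `named-checkconf` catches list and brace errors; after reloading, a query from one of the .248 addresses should return data from the `.alien` file and a query from any other address in the three /24s should return data from the `.local` file. If the NAT is later changed so that LAN traffic arrives from separate subnets such as 10.228.88.0/24, the `!lan-via-nat` entry can simply be dropped, because the subnet entries alone then separate the two populations.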

