That should work fine, as long as
a) this view definition appears in named.conf before any more general
view (since views are matched in order),
b) the "zone1" ACL is defined to include all of the address ranges that
should get the "private" root zone, and
c) "db.lockdown" contains a root zone with only 1 A record -- a wildcard
entry with the "private IP" as the RDATA -- and no delegations
Note that you don't need "recursion yes" if every query is going to be
resolved directly from your "fake" root zone.
- Kevin
On 7/13/2010 6:33 AM, Nadir Aliyev wrote:
Not helped...
view "internal-in" in {
match-clients { zone1; };
recursion yes;
zone "." {
type master;
file "db.lockdown";
};
};
-----Original Message-----
From: Nadir Aliyev [mailto:na...@ultel.net]
Sent: Tuesday, July 13, 2010 3:28 PM
To: 'Larry Brower'
Cc: 'bind-users@lists.isc.org'
Subject: RE: Defining custom root zone by subnet.
Its maybe sily just for you. But not for all.
For example,
I authorize users via radius with 2 way: without acl and with guest acl.
So I give same dns servers to all users, but I give public ip to the normal
users and private ip to the users with guest acl for purpose redirecting all
dns requests from with guest acl users to the defined webserver.
That's all.
Sorry for my english.
-----Original Message-----
From: Larry Brower [mailto:la...@maxqe.com]
Sent: Tuesday, July 13, 2010 10:43 AM
To: Nadir Aliyev
Cc: bind-users@lists.isc.org
Subject: Re: Defining custom root zone by subnet.
Nadir Aliyev wrote:
Hi friends,
Its possible in bind define fake root zone by subnet? (in this case just
for zone1)
Sounds like you need to use views. Why would you want to do this
though? It is silly.
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
