On Thu, 5 Jan 2023, [utf-8] OndÅej Surý wrote:
> Date: Thu, 5 Jan 2023 14:51:52 +0100
> From: "[utf-8] OndÅej Surý" <ond...@isc.org>
> To: Robert M. Stockmann <st...@stokkie.net>
> Cc: BIND users <bind-users@lists.isc.org>
> Subject: Re: Deprecation notice for BIND 9.18: Differentiated Services
> Code Point (DSCP) support
>
> > On 5. 1. 2023, at 14:46, Robert M. Stockmann <st...@stokkie.net> wrote:
> >
> > On Thu, 5 Jan 2023, [utf-8] OndÅej Surý wrote:
> >
> > This is like Mercedes Benz announcing they will only sell
> > the Baby Benz model, which is a Volkswagen EV barebonez with
> > the VW logo replaced with a plastic Mercedes Benz star
>
> I've asked for a strong use-case and all I've got was a snark.
>
> Do you actually have a real-world use for DSCP or are you just in bad mood?
>
>From /usr/share/doc/bind-9.9.9P6/FAQ :
Q: How can I make a server a slave for both an internal and an external
view at the same time? When I tried, both views on the slave were
transferred from the same view on the master.
A: You will need to give the master and slave multiple IP addresses and
use those to make sure you reach the correct view on the other machine.
Master: 10.0.1.1 (internal), 10.0.1.2 (external, IP alias)
internal:
match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
notify-source 10.0.1.1;
transfer-source 10.0.1.1;
query-source address 10.0.1.1;
external:
match-clients { any; };
recursion no; // don't offer recursion to the world
notify-source 10.0.1.2;
transfer-source 10.0.1.2;
query-source address 10.0.1.2;
Slave: 10.0.1.3 (internal), 10.0.1.4 (external, IP alias)
internal:
match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
notify-source 10.0.1.3;
transfer-source 10.0.1.3;
query-source address 10.0.1.3;
external:
match-clients { any; };
recursion no; // don't offer recursion to the world
notify-source 10.0.1.4;
transfer-source 10.0.1.4;
query-source address 10.0.1.4;
You put the external address on the alias so that all the other dns
clients on these boxes see the internal view by default.
-----//-----
Q: I want to forward all DNS queries from my caching nameserver to another
server. But there are some domains which have to be served locally, via
rbldnsd.
How do I achieve this ?
A: options {
forward only;
forwarders { <ip.of.primary.nameserver>; };
};
zone "sbl-xbl.spamhaus.org" {
type forward; forward only;
forwarders { <ip.of.rbldns.server> port 530; };
};
zone "list.dsbl.org" {
type forward; forward only;
forwarders { <ip.of.rbldns.server> port 530; };
};
--
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org st...@stokkie.net
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
