On Thu, 17 Jun 2010, Torsten wrote:
On Thu, 17 Jun 2010 13:35:38 +0100,
Phil Mayers <p.may...@imperial.ac.uk> wrote:
On 17/06/10 12:39, Jørn Skjerven wrote:
Hi!
I've tried to search the archive for this, but could not find
anything relevant.
We currently run a server with an authoritative set for domains. We
want to use the same server as a cache-only DNS for other customers
as well.
Is it possible to achieve this in a single named.conf, or is it
recommended to run two instances of bind, each with a different
listen-on <ip> statement?
Sure. Use views:

    view authoritative {
        recursion no;
        match-destinations { mycurrentip; };
        zone ...
    };
    view recursive {
        recursion yes;
        match-destinations { myrecurseip; };
    };

The important part seems to be "on a secondary IP" and afaik listen-on
statements don't work inside of view statements.
That leaves you with running two separate instances of Bind on the same
server.
Ciao
Torsten
But match-clients does work in views.
I set up an acl for my internal IPs as:

    acl local-nets {
        192.168.0.0/16; // our known internal net
        127.0.0.1;      // localhost loopback
        ::1;            // localhost IPv6
    };

And one for the external:

    acl isp-net { 99.178.153.41; }; // our ATT-Uverse net

and then used views:

    view "internal" // only local hosts (match-clients) will see this view
    {
        match-clients { local-nets; };
        allow-recursion { local-nets; };
        zone .....
        [zone ... ]
    };
    view "external" { // Primary nameserver for maplepark.com.
        allow-query { any; };
        // allow-recursion { none;}; // "additional-from-cache no;" will not work with this!
        recursion no; // So use this instead.
        additional-from-cache no; // https://www.dns-oarc.net/oarc/articles/upward-referrals-considered-harmful
        zone .....
        [zone ... ]
    };

and it has been working well. I do use all private addresses for my
internal network and that does require a separate zone file.
Dave
--
David Forrest e-mail drf @ maplepark.com
Maple Park Development Corporation http://xen.maplepark.com
St. Louis, Missouri (Sent by ALPINE 2.01 FEDORA 11 LINUX)
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
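
The layouts in this thread fence recursion in different ways: by client address (match-clients, allow-recursion), by switching it off, or only by the destination address a query arrives on. The following Python script is an added example, not part of any poster's message; it reads named.conf text and marks each view where recursion is left on with no client restriction in sight. Assumptions: the sample configuration is constructed, the view name "recursive" and the address 192.0.2.53 are placeholders, and the check is a conservative heuristic that does not model BIND's built-in defaults or ACLs inherited from the options block.

```python
import re
# Constructed sample; the view name "recursive" and 192.0.2.53 are assumptions.
SAMPLE = """
view "internal" {
    match-clients { local-nets; };
    allow-recursion { local-nets; };
};
view "external" {
    allow-query { any; };
    recursion no;              // authoritative only
};
view recursive {
    match-destinations { 192.0.2.53; };  /* selected by server address only */
    recursion yes;
};
"""

def view_blocks(conf):
    """Yield (name, body) for each view statement, with comments removed."""
    text = re.sub(r"/\*.*?\*/|(//|#)[^\n]*", "", conf, flags=re.S)
    for m in re.finditer(r'\bview\s+"?([\w.-]+)"?[^{;]*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:      # walk to the matching close brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def option(body, name):
    """Return an option's value ('no', '{ a; b; }') or None if absent."""
    m = re.search(r"(?<![\w-])" + re.escape(name) + r"\s+(\{[^}]*\}|[^;{]+);", body)
    return m.group(1).strip() if m else None

def narrow(acl):
    """True if an address match list is present and does not contain 'any'."""
    items = re.findall(r"[^\s;{}]+", acl or "")
    return bool(items) and "any" not in items

def audit(conf):
    """Map each view name to 'no recursion', 'restricted' or 'review'."""
    verdicts = {}
    for name, body in view_blocks(conf):
        limited = narrow(option(body, "match-clients")) or narrow(option(body, "allow-recursion"))
        if option(body, "recursion") == "no":
            verdicts[name] = "no recursion"
        else:  # recursion left on: acceptable only with a client restriction
            verdicts[name] = "restricted" if limited else "review"
    return verdicts

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A "review" verdict means the view answers recursive queries for whoever can reach its address unless something outside the view narrows it; adding an allow-recursion list naming the customer networks moves it to "restricted".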