Zoltan, There may be another way to make this work but this is what comes to my mine: acl’s in a view.
https://kb.isc.org/docs/aa-00851 # named.conf acl google-is-good { 192.168.7.0/24; localhost; }; acl google-is-evil { 192.168.8.0/24; }; view google-good { match-clients { google-is-good; }; allow-recursion { any; }; forwarders { 8.8.8.8; }; }; view google-evil { match-clients { google-is-evil; }; allow-recursion { any; }; }; You *might* be able to whack the acl down to like a /28 or a /29 while keeping your DHCP scope at a /24. This will allow you to perform view testing without needing to rip n replace DHCP configs. John From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Kereszt Vezeték Sent: Monday, May 15, 2023 1:58 PM To: bind-users@lists.isc.org Subject: host restriction Hi Everybody Can someone help me with the following problem ? I have a dns server in my private network with a local domain. The dns server forward the public request to the google dns server . I wold like separate hosts in the inside network. One group allow only the local host resolve, not forward to the 8.8.8.8 .Other group allow the local hosts resolve, and able to forward to the google dns server. Are there any way to solve this problem with bind9 ? Local subnet 192.168.1.0/24<http://192.168.1.0/24> 192.168.1.10 allow forward to 8.8.8.8 192.168.1.11 allow forward to 8.8.8.8 192.168.1.20 disable forward 8.8.8.8 192.168.1.21 disable forward 8.8.8.8 Thank you regards Zoltan
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users