The "match-destination" inspects the DNS address used by the client to
query to determine which view to use. Would this suit your purpose?

Well, yes, it would suit the purpose, but my fear was exactly that of what Matthew states below about 'leaking'.

I believe that the problem is this: even if configured to be an
authoritative server, BIND will respond to a query about zones
outside what it has authoritative data for with data from its cache
if that data is present.  As there is only one cache per instance of
BIND, enabling any sort of recursive capability on a server that is
otherwise meant to be entirely authoritative can lead to data leaking
between the authoritative and recursive parts.  This opens up the
possibility of tricking a server into caching false data and responding
with it as if it was authoritative.

In answer to the OP's original question -- yes, you can start two instances
of BIND given the obvious requirement that they have distinct network
addresses and ports, pid files etc. You just have to copy the startup script
to a new name and modify the variable prefix internally -- e.g. this chunk at
the beginning of the script:

This is exactly what I'm after.

Thank you for all the help!

Steve
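
The separation discussed in this thread, as an added example that is not part of the original messages: two named.conf files for two BIND instances, one authoritative-only and one recursive, so that the resolver's cache never sits behind the address that serves authoritative answers. The file paths, addresses (192.0.2.53, 10.0.0.0/24), zone name and control-channel ports are assumptions for illustration.

```conf
// ---- Instance 1: authoritative only ----
// Assumed path: /etc/namedb/auth/named.conf
options {
    directory   "/etc/namedb/auth";          // assumed working directory
    pid-file    "/var/run/named/auth.pid";   // must differ per instance
    listen-on   { 192.0.2.53; };             // public address (constructed)
    listen-on-v6 { none; };
    recursion   no;                          // never resolve on behalf of clients
    allow-query-cache { none; };             // never answer from cached data
    allow-transfer    { none; };             // open up per zone if secondaries exist
};
// Each instance needs its own control channel port for rndc.
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; }; };

zone "example.org" {                         // constructed zone name
    type master;
    file "master/example.org.db";
};

// ---- Instance 2: recursive resolver for internal clients ----
// Assumed path: /etc/namedb/resolver/named.conf
options {
    directory   "/etc/namedb/resolver";
    pid-file    "/var/run/named/resolver.pid";
    listen-on   { 127.0.0.1; 10.0.0.53; };   // internal address (constructed)
    listen-on-v6 { none; };
    recursion   yes;
    allow-recursion   { 127.0.0.1; 10.0.0.0/24; };
    allow-query       { 127.0.0.1; 10.0.0.0/24; };
    allow-query-cache { 127.0.0.1; 10.0.0.0/24; };
};
controls { inet 127.0.0.1 port 954 allow { 127.0.0.1; }; };
// No zones are defined here: this instance holds only cached data,
// and nothing it caches can be returned by instance 1.
```

Run `named-checkconf` against each file before starting the instances, and confirm with a query for an outside name against 192.0.2.53 that the authoritative instance refuses it instead of answering from cache.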