Re: DNS with several ip adessess
Well, I wouldn't consider the use of OS-level magic to solve a DNS-specific problem (or meet a DNS-specific business requirement) to be solving problems in the right space at all. Quite the opposite. It smacks of a layer violation (the OS being considered as lower-level, layer-wise, than the DNS subsystem). Layer violation aside, though, in practical terms, while maybe there are a few server-centric options from which to choose with respect to match-destinations-based virtualization of the DNS database -- use views, separate named instances on the same server with non-overlapping listen-on's, separate (physical or virtual) OS instances -- what about match-clients-based virtualization? That involves big-picture considerations beyond just those focused on to the server side of the DNS transaction -- client configuration/management and name-resolution architecture. Does one go out and (re-)configure different communities of clients to point to different resolver addresses? Even with DHCP (*assuming* that it's centrally-managed, and *assuming* good communication and co-ordination between the DNS and DHCP groups, if separate), there are still going to be clients that don't use DHCP for resolver configuration. Manually configure those? And even where DHCP can ease the task, is it a win, overall, for simplicity and elegance, to complicate the configuration of one network subsystem (DHCP) to protect another (DNS)? If Anycast is in use, how does one handle that? Separate sets of Anycast addresses for each virtualization of the DNS database (thus shifting the impurity of view configuration to the impurity of fragmented Anycast configuration)? What about the network topology and the need sometimes to keep queries as local as possible (e.g. when faced with a trans-continental WAN link having 400ms+ latency)? Does one spin up virtual instances at *all* of the locations where there are clients which need to see a particular virtualization of the DNS database? So now we're looking at not just x number of virtual instances (one to substitute for each view), but a worst-case scenario of x times y, where y is the number of locations which really need local DNS resolution. How scalable is all of this? Seems you value purity of named.conf highly, and that's admirable. But reality, in the form of economics and logistics, often intrudes on configurational purity. Purity and 80 cents might buy someone a cup of coffee... FYI, my previous figure of 7 views, in the worst case, was actually overstated somewhat. After disregarding the views which are extraneous (never matched, just artifacts of my configuration-management system), and those which are truly temporary (due to sundowning of a datacenter, and of a GSLB technology that needed a helper), the most I have in any nameserver instance is 3. And all 3 of those are match-clients-based for purposes of enforcing security policies with respect to which DMZ or internal hosts can see internal and/or external DNS data (defense in depth). My long-term plan for resolution in my non-DMZ, non-Internet-facing environment is to have no views at all (or, technically, only the default view), but I won't hesitate to implement views where they make sense as temporary bridge measures and/or for legitimate business reasons. - Kevin On 1/3/2014 6:20 PM, Johan Ihrén wrote: Hi, On 03 Jan 2014, at 22:00 , Kevin Darcyk...@chrysler.com wrote: On 1/2/2014 5:47 PM, Johan Ihrén wrote: On 02 Jan 2014, at 16:37 , Alan Clegga...@clegg.com wrote: On Jan 2, 2014, at 9:19 AM,wbr...@e1b.org wrote: Use views Views +1 Im a proponent of separating servers and NOT using views, as any of you that have taken a class that Ive taught will attest. Furthermore, in addition to the very valid reasons that Alan list, I'd want to add yet another reason to implement this via multiple, simple, [virtual] servers, rather than using views and that is platform independence. Views are a feature specific to BIND9 (and ANS, I think). If I implement this via multiple servers then for each server I am free to choose whatever implementation is best for that task. If choose a design based on views, I am forced to used BIND9. And while BIND9 may be the best thing since sliced bread, it will not be the preferred choice forever. I see views in broader terms as a kind of source-and/or-dest-address-and/or-TSIG-key-based virtualization of a DNS database. Now, one can virtualize a database by virtualizing the underlying host OS itself -- as you and Alan have been advocating -- or one can virtualize it in a subsystem-specific way (BIND 9 views), which seems more focused and lightweight. Even if BIND 9 goes away some day, I don't think this subsystem-specific virtualization desire/requirement will go away. Something else will come along to fill that void (possibly a proprietary, for-pay piece of code). Virtualizing at the OS layer just isn't logistically or
Re: DNS with several ip adessess
From: Barry S. Finkel bsfin...@att.net One caveat with using virtual servers. Make sure that the DNS server on which the host machine relies is NOT the DNS server that is virtualized on that host. The host machine needs to be up before the VMs residing on that host come up. And you should never have only one DNS server and for reliability, they shouldn't be on the same host. Or even in the same chassis if using blades. Confidentiality Notice: This electronic message and any attachments may contain confidential or privileged information, and is intended only for the individual or entity identified above as the addressee. If you are not the addressee (or the employee or agent responsible to deliver it to the addressee), or if this message has been addressed to you in error, you are hereby notified that you may not copy, forward, disclose or use any part of this message or any attachments. Please notify the sender immediately by return e-mail or telephone and delete this message from your system. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS with several ip adessess
From: Barry S. Finkel bsfin...@att.net One caveat with using virtual servers. Make sure that the DNS server on which the host machine relies is NOT the DNS server that is virtualized on that host. The host machine needs to be up before the VMs residing on that host come up. On 03.01.14 12:06, wbr...@e1b.org wrote: And you should never have only one DNS server and for reliability, they shouldn't be on the same host. Or even in the same chassis if using blades. and they definitely should not be two views of the same named instance, correct? However this is completely different problem. I agree that views are often problematic because people often don't understand them properly... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Eagles may soar, but weasels don't get sucked into jet engines. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS with several ip adessess
Views have been in bind for all recent history. I've watched this thread and have been biting my tongue as long as I could. I'm a proponent of separating servers and NOT using views, as any of you that have taken a class that I've taught will attest. I've seen too many problems over the years that have been caused by incorrect maintenance of both data feeding the views and goofs in the mechanisms making sure that the correct view is made available to the correct slave servers (and clients). With today's hardware (virtualization, etc) it's not very expensive to build out new servers. Separate the services and you remove lots of the little prickly points that will cause you pain as the complexity of your infrastructure grows (and as you hand off to the 'next generation' of maintainers). I'm actually more a proponent of creating an architecture that doesn't NEED differentiated data, but there aren't a lot of places implementing DNS / naming structures on green-fields these days. AlanC --=20 Alan Clegg | +1-919-355-8851 | a...@clegg.com I use views here. I did have to do a little work to make suere the right views went to the right places and to make sure that the slaves that needed all the views got them correctly. But I can't see how setting up virtual hosts would be less work and how setting up virtual hosts would be less prone to errors. And I would have to figure out how to make one host only answer internal queries and the other host only answer external queries. That was easy to do with views (at least for me). Tom Schulz Applied Dynamics Intl. sch...@adi.com ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS with several ip adessess
Views are like any advanced technology or technique in IT: if understood and used properly, they can be a big benefit; poorly understood and/or implemented, they can create a huge, unsupportable mess. I try to keep the number of views to a minimum, but given the complexity I have to deal with, some of my named.conf's have as many as 7 views (most of which are temporary, since we're always in the middle of migrating and/or sundowning something or another). For some of us, virtual instances cost visible bucks from our service provider, but views cost only extra support time, which is lumped in with a bunch of other support costs, and is thus not visible. Sometimes it matters -- to beancounters -- whether something is broken out as a line item or not... - Kevin On 1/2/2014 10:37 AM, Alan Clegg wrote: On Jan 2, 2014, at 9:19 AM, wbr...@e1b.org wrote: Use views Views +1 When were views added to BIND? We started using using multiple servers in BIND 4, and I don't recall views being available back then, but I didn't configure the servers, just maintained the zones. We're still using multiple servers for internal vs. external resolution. Views have been in bind for all recent history. I've watched this thread and have been biting my tongue as long as I could. I'm a proponent of separating servers and NOT using views, as any of you that have taken a class that I've taught will attest. I've seen too many problems over the years that have been caused by incorrect maintenance of both data feeding the views and goofs in the mechanisms making sure that the correct view is made available to the correct slave servers (and clients). With today's hardware (virtualization, etc) it's not very expensive to build out new servers. Separate the services and you remove lots of the little prickly points that will cause you pain as the complexity of your infrastructure grows (and as you hand off to the 'next generation' of maintainers). I'm actually more a proponent of creating an architecture that doesn't NEED differentiated data, but there aren't a lot of places implementing DNS / naming structures on green-fields these days. AlanC ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS with several ip adessess
On 1/2/2014 5:47 PM, Johan Ihrén wrote: On 02 Jan 2014, at 16:37 , Alan Clegg a...@clegg.com wrote: On Jan 2, 2014, at 9:19 AM, wbr...@e1b.org wrote: Use views Views +1 When were views added to BIND? We started using using multiple servers in BIND 4, and I don't recall views being available back then, but I didn't configure the servers, just maintained the zones. We're still using multiple servers for internal vs. external resolution. Views have been in bind “for all recent history”. I’ve watched this thread and have been biting my tongue as long as I could. I’m a proponent of separating servers and NOT using views, as any of you that have taken a class that I’ve taught will attest. I’ve seen too many problems over the years that have been caused by incorrect maintenance of both data feeding the views and goofs in the mechanisms making sure that the correct view is made available to the correct slave servers (and clients). With today’s hardware (virtualization, etc) it’s not very expensive to build out new servers. Separate the services and you remove lots of the little prickly points that will cause you pain as the complexity of your infrastructure grows (and as you hand off to the ‘next generation’ of maintainers). I could not agree more (as anyone who has attended a class that I've taught will attest ;-). Furthermore, in addition to the very valid reasons that Alan list, I'd want to add yet another reason to implement this via multiple, simple, [virtual] servers, rather than using views and that is platform independence. Views are a feature specific to BIND9 (and ANS, I think). If I implement this via multiple servers then for each server I am free to choose whatever implementation is best for that task. If choose a design based on views, I am forced to used BIND9. And while BIND9 may be the best thing since sliced bread, it will not be the preferred choice forever. I see views in broader terms as a kind of source-and/or-dest-address-and/or-TSIG-key-based virtualization of a DNS database. Now, one can virtualize a database by virtualizing the underlying host OS itself -- as you and Alan have been advocating -- or one can virtualize it in a subsystem-specific way (BIND 9 views), which seems more focused and lightweight. Even if BIND 9 goes away some day, I don't think this subsystem-specific virtualization desire/requirement will go away. Something else will come along to fill that void (possibly a proprietary, for-pay piece of code). Virtualizing at the OS layer just isn't logistically or economically optimal in all cases. - Kevin ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS with several ip adessess
Hi, On 03 Jan 2014, at 22:00 , Kevin Darcy k...@chrysler.com wrote: On 1/2/2014 5:47 PM, Johan Ihrén wrote: On 02 Jan 2014, at 16:37 , Alan Clegg a...@clegg.com wrote: On Jan 2, 2014, at 9:19 AM, wbr...@e1b.org wrote: Use views Views +1 I’m a proponent of separating servers and NOT using views, as any of you that have taken a class that I’ve taught will attest. Furthermore, in addition to the very valid reasons that Alan list, I'd want to add yet another reason to implement this via multiple, simple, [virtual] servers, rather than using views and that is platform independence. Views are a feature specific to BIND9 (and ANS, I think). If I implement this via multiple servers then for each server I am free to choose whatever implementation is best for that task. If choose a design based on views, I am forced to used BIND9. And while BIND9 may be the best thing since sliced bread, it will not be the preferred choice forever. I see views in broader terms as a kind of source-and/or-dest-address-and/or-TSIG-key-based virtualization of a DNS database. Now, one can virtualize a database by virtualizing the underlying host OS itself -- as you and Alan have been advocating -- or one can virtualize it in a subsystem-specific way (BIND 9 views), which seems more focused and lightweight. Even if BIND 9 goes away some day, I don't think this subsystem-specific virtualization desire/requirement will go away. Something else will come along to fill that void (possibly a proprietary, for-pay piece of code). Virtualizing at the OS layer just isn't logistically or economically optimal in all cases. Interesting points. However, I must say that looking at the exact same problem space I come to the complete opposite conclusion. 1. Virtualisation: Once views were the thing to do. I also have boxes with seven or more views, a few of them are still running. But I don't design things that way today. The reason is that OS level virtualisation is so prevalent today and provides so many additional benefits (simplicity of DNS config, standardization of hosting environments, platform independence, etc). In a way, I look at BIND9 as the forerunner for what was needed, and then functionality became more standardized... and I migrated away from the BIND9 special version. Another example is the r in rndc: once upon a time I used rndc -s remote.box cmd to manage remote nameservers. These days I do ssh remote.box rndc cmd and thereby I removed yet another dependency on a BIND9 special feature, removed the RNDC protocol from the list of remote attack vectors and closed another open port. All good. Views are similar. 2. Lightweight: Well, I have to agree that BIND9 views are more lightweight than OS level virtualisation, although for most of us the bang-for-the-buck is less of an issue than the maintenance costs... and more people seem to understand the concept of having several virtual servers, each with a config that they grasp. In my world we are at a point where creating a couple of virtual servers is done almost by clicking a checkbox or two, and is available basically everywhere. Creating new views in BIND9 on the other hand is advanced stuff. If you mess up, not only do you not get the new views, you run the real risk of compromising the entire existing DNS infrastructure. So while most of us on this list may look at it as trivial, it is not trivial to everyone. 3. Something else providing views-like functionality in a post-BIND9 enviroment: Hmm. Not from where I'm looking. A very common use for views is to have both an authoritative view and a recursive/validating view in the same box. But the general trend is away from nameservers that do both auth and reursive service. NSD3, NSD4, Unbound, Knot-DNS, ANS, CNS, Yadifa, pdns, pdns-recursor, etc, etc. All of them are *either* authoritative or recursive. Show me the piece of code that is going to provide the equivalent of having both a recursive and an auth view in such an environment? I seem to remember that ANS has views, but as it is auth-only I'm assuming it cannot do this. On the other hand, yes, I'm aware that BIND10 has an auth module and will have a recursive module, so the picture is not completely one-sided. 4. Logistically or economically viable: I have to make the observation that trying to solve problems in the wrong space never works out in the long run. Yes, I am painfully aware that the world in general likes to try to address all sorts of problems by DNS tweaks, DNS lying, DNS rewriting and what have you. None of which improve on the quality and robustness of the DNS, in my book. So I have to say that I strongly believe that financial and logistic problems, important as they may be, should be addressed somewhere else than in my named.conf. Or, put another way, I'd argue that while the parameters for good DNS design includes things like simplicity, maintainability,
Re: DNS with several ip adessess
see bind arm 6.2.26 view Statement Definition and Usage 2013/12/30 Måns Hagström limono...@me.com Hi, I'm running the same DNS for both my local and global adress-spaces. That is, when I'm on my local net, I want the DNS to reply with my local 192.168.0.1-address, and when users from the 'outside' global net queries my DNS, it shall return the global xxx.xxx.xxx.xxx ip-address. My problem is that I have to allocate both the local and the global address to the same domain-name, giving the result that both my local and global ip-address are exposed for the users. Is it possible to isolate the query so that the local users get the local ip-address and the global gets the global ip-address for the same domain-name? I'm running BIND 9.9.2 BR Mons ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
R: DNS with several ip adessess
I use views to manage about 500 mirrored (internal/external) zones and it works fine. Use views Views +1 Stefano. -Messaggio originale- Da: bind-users-bounces+stefano.chiesa=wki...@lists.isc.org [mailto:bind-users-bounces+stefano.chiesa=wki...@lists.isc.org] Per conto di Dnsbed Ops Inviato: lunedì 30 dicembre 2013 11.03 A: bind-users@lists.isc.org Oggetto: Re: DNS with several ip adessess On 2013-12-30 17:38, Abdul Khader wrote: Use views Views +1 http://www.cyberciti.biz/faq/linux-unix-bind9-named-configure-views/ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: R: DNS with several ip adessess
Use views Views +1 When were views added to BIND? We started using using multiple servers in BIND 4, and I don't recall views being available back then, but I didn't configure the servers, just maintained the zones. We're still using multiple servers for internal vs. external resolution. Confidentiality Notice: This electronic message and any attachments may contain confidential or privileged information, and is intended only for the individual or entity identified above as the addressee. If you are not the addressee (or the employee or agent responsible to deliver it to the addressee), or if this message has been addressed to you in error, you are hereby notified that you may not copy, forward, disclose or use any part of this message or any attachments. Please notify the sender immediately by return e-mail or telephone and delete this message from your system. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: R: DNS with several ip adessess
On Thu, 2 Jan 2014, wbr...@e1b.org wrote: When were views added to BIND? We started using using multiple servers in BIND 4, and I don't recall views being available back then, but I didn't configure the servers, just maintained the zones. Views were introduced in BIND 9.0.0 (September 2000). ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS with several ip adessess
On Jan 2, 2014, at 9:19 AM, wbr...@e1b.org wrote: Use views Views +1 When were views added to BIND? We started using using multiple servers in BIND 4, and I don't recall views being available back then, but I didn't configure the servers, just maintained the zones. We're still using multiple servers for internal vs. external resolution. Views have been in bind “for all recent history”. I’ve watched this thread and have been biting my tongue as long as I could. I’m a proponent of separating servers and NOT using views, as any of you that have taken a class that I’ve taught will attest. I’ve seen too many problems over the years that have been caused by incorrect maintenance of both data feeding the views and goofs in the mechanisms making sure that the correct view is made available to the correct slave servers (and clients). With today’s hardware (virtualization, etc) it’s not very expensive to build out new servers. Separate the services and you remove lots of the little prickly points that will cause you pain as the complexity of your infrastructure grows (and as you hand off to the ‘next generation’ of maintainers). I’m actually more a proponent of creating an architecture that doesn’t NEED differentiated data, but there aren’t a lot of places implementing DNS / naming structures on green-fields these days. AlanC -- Alan Clegg | +1-919-355-8851 | a...@clegg.com signature.asc Description: Message signed with OpenPGP using GPGMail ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS with several ip adessess
On 02 Jan 2014, at 16:37 , Alan Clegg a...@clegg.com wrote: On Jan 2, 2014, at 9:19 AM, wbr...@e1b.org wrote: Use views Views +1 When were views added to BIND? We started using using multiple servers in BIND 4, and I don't recall views being available back then, but I didn't configure the servers, just maintained the zones. We're still using multiple servers for internal vs. external resolution. Views have been in bind “for all recent history”. I’ve watched this thread and have been biting my tongue as long as I could. I’m a proponent of separating servers and NOT using views, as any of you that have taken a class that I’ve taught will attest. I’ve seen too many problems over the years that have been caused by incorrect maintenance of both data feeding the views and goofs in the mechanisms making sure that the correct view is made available to the correct slave servers (and clients). With today’s hardware (virtualization, etc) it’s not very expensive to build out new servers. Separate the services and you remove lots of the little prickly points that will cause you pain as the complexity of your infrastructure grows (and as you hand off to the ‘next generation’ of maintainers). I could not agree more (as anyone who has attended a class that I've taught will attest ;-). Furthermore, in addition to the very valid reasons that Alan list, I'd want to add yet another reason to implement this via multiple, simple, [virtual] servers, rather than using views and that is platform independence. Views are a feature specific to BIND9 (and ANS, I think). If I implement this via multiple servers then for each server I am free to choose whatever implementation is best for that task. If choose a design based on views, I am forced to used BIND9. And while BIND9 may be the best thing since sliced bread, it will not be the preferred choice forever. I’m actually more a proponent of creating an architecture that doesn’t NEED differentiated data, but there aren’t a lot of places implementing DNS / naming structures on green-fields these days. I agree with this also. Johan signature.asc Description: Message signed with OpenPGP using GPGMail ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS with several ip adessess
With today's hardware (virtualization, etc) it?s not very expensive to build out new servers. One caveat with using virtual servers. Make sure that the DNS server on which the host machine relies is NOT the DNS server that is virtualized on that host. The host machine needs to be up before the VMs residing on that host come up. --Barry Finkel ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
DNS with several ip adessess
Hi, I'm running the same DNS for both my local and global adress-spaces. That is, when I'm on my local net, I want the DNS to reply with my local 192.168.0.1-address, and when users from the 'outside' global net queries my DNS, it shall return the global xxx.xxx.xxx.xxx ip-address. My problem is that I have to allocate both the local and the global address to the same domain-name, giving the result that both my local and global ip-address are exposed for the users. Is it possible to isolate the query so that the local users get the local ip-address and the global gets the global ip-address for the same domain-name? I'm running BIND 9.9.2 BR Mons ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS with several ip adessess
I do this with views, the internal view has recursion the external does not. I would be interested to hear other ways to do this. On 30/12/13 10.27, Måns Hagström wrote: Hi, I'm running the same DNS for both my local and global adress-spaces. That is, when I'm on my local net, I want the DNS to reply with my local 192.168.0.1-address, and when users from the 'outside' global net queries my DNS, it shall return the global xxx.xxx.xxx.xxx ip-address. My problem is that I have to allocate both the local and the global address to the same domain-name, giving the result that both my local and global ip-address are exposed for the users. Is it possible to isolate the query so that the local users get the local ip-address and the global gets the global ip-address for the same domain-name? I'm running BIND 9.9.2 BR Mons ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Best regards Sten Carlsen No improvements come from shouting: MALE BOVINE MANURE!!! ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS with several ip adessess
Use views Abdul Khader Engineer/Network Services/SOM Mobile : 050-153-5461 Extension : 84-5173 On 30/12/2013 1:27 PM, Måns Hagström wrote: Hi, I'm running the same DNS for both my local and global adress-spaces. That is, when I'm on my local net, I want the DNS to reply with my local 192.168.0.1-address, and when users from the 'outside' global net queries my DNS, it shall return the global xxx.xxx.xxx.xxx ip-address. My problem is that I have to allocate both the local and the global address to the same domain-name, giving the result that both my local and global ip-address are exposed for the users. Is it possible to isolate the query so that the local users get the local ip-address and the global gets the global ip-address for the same domain-name? I'm running BIND 9.9.2 BR Mons ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS with several ip adessess
On 2013-12-30 17:38, Abdul Khader wrote: Use views Views +1 http://www.cyberciti.biz/faq/linux-unix-bind9-named-configure-views/ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users