Generally at the worst case we have three views. I'll pass this on.

Thanks

Bruce
Bruce Hayward, MTS Allstream Inc., (p) 204-958-1983 (e) [email protected]

-----Original Message-----
From: Ondřej Surý [mailto:[email protected]]
Sent: October 25, 2010 8:51 AM
To: Hayward, Bruce
Cc: [email protected]
Subject: Re: [Unbound-users] Unbound and Bind Views

Unbound doesn't have to know. You'll just configure multiple instances of
unbound (f.e. running on 127.0.0.2, 127.0.0.3, etc...) and you'll do all the
logic on the routing level.

Of course it's not suitable if you have a complicated setup like many views or
overlapping views.

AFAIK the design decision for the unbound was to keep it simple, efficient,
secure and fast. So it doesn't implement everything you'll find in other DNS
software.

Ondrej

On Mon, Oct 25, 2010 at 15:37, Hayward, Bruce <[email protected]> wrote:
> Hi Ondrej
>
> Thanks for the direction, but how does Unbound know to have IPs in a range
> use a specific zone?
>
> Bruce
>
> Bruce Hayward, MTS Allstream Inc., (p) 204-958-1983 (e)
> [email protected]
>
>
> -----Original Message-----
> From: Ondřej Surý [mailto:[email protected]]
> Sent: October 25, 2010 8:33 AM
> To: Hayward, Bruce
> Cc: [email protected]
> Subject: Re: [Unbound-users] Unbound and Bind Views
>
> Hi Bruce,
>
> it should be fairly easy to accomplish both options using DNAT on linux
> (or using other translation mechanisms either on the router or on the
> end box).
>
> f.e. on linux you can use:
>
> - 10.10.10.1 is the normal address
> - 10.10.10.2 is extra address you use to serve internal clients (can
>   be localhost if NATed on the box)
> - 192.168.1.1/32 is the specific CIDR
>
> iptables -t nat -A PREROUTING -s 192.168.1.1/32 -d 10.10.10.1 -j DNAT --to-destination 10.10.10.2
>
> If you do the NAT on the router before, it has the added benefit of
> splitting the load (so you can provide less loaded service to your
> customers... etc.)
>
> Ondrej
>
> On Mon, Oct 25, 2010 at 15:18, Hayward, Bruce
> <[email protected]> wrote:
>> Hey
>>
>> On specific resolvers we use bind views to direct those who come from an IP
>> in a specific CIDR to use a specific zone. We have two cases of these views.
>>
>> We also use views to isolate those that should only use internal zones
>> versus those that should not use internal zones (external customers)
>>
>> Those that do not come from an IP in a specific CIDR use a global zone.
>>
>> "Views" were introduced in Bind 9.
>>
>> http://oreilly.com/pub/a/oreilly/networking/news/views_0501.html
>>
>> Bruce
>>
>> Bruce Hayward, MTS Allstream Inc., (p) 204-958-1983 (e)
>> [email protected]
>>
>>
>> -----Original Message-----
>> From: [email protected]
>> [mailto:[email protected]] On Behalf Of Ondrej Surý
>> Sent: October 21, 2010 9:52 AM
>> To: [email protected]
>> Subject: Re: [Unbound-users] Unbound and Bind Views
>>
>> Hey Bruce,
>>
>> I think that it's pretty well documented in the mail you sent a
>> link... you set up two unbound instances and mangle the traffic from
>> set of ip addresses using standard firewall/nat features your
>> operating system has.
>>
>> Anyway maybe if you can explain what you are trying to accomplish then
>> we can propose alternative without views.
>>
>> Ondrej
>>
>> On Thu, Oct 21, 2010 at 15:32, Hayward, Bruce
>> <[email protected]> wrote:
>>>
>>> One area of Bind that we use is views to direct traffic.
>>>
>>> Before we can switch to Unbound, we would need a means of emulating
>>> views.
>>>
>>> In researching this (on Google) I came across a thread discussing this:
>>> http://www.mail-archive.com/[email protected]/msg00337.html
>>>
>>> Has anyone documented steps to accomplish this?
>>>
>>> Thanks
>>>
>>> Bruce
>>>
>>> Bruce Hayward, MTS Allstream Inc., (p) 204-958-1983 (e)
>>> [email protected]
>>
>> --
>> Ondřej Surý <[email protected]>
>
> --
> Ondřej Surý <[email protected]>

--
Ondřej Surý <[email protected]>
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
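
The multi-instance setup discussed in this thread, as an added example that is not from the original messages: a script that prints (does not apply) DNS-only DNAT rules and a per-view unbound.conf whose access-control admits only that view's clients. The second view (172.16.5.0/24 to 10.10.10.3), the view names and the pidfile path are assumptions; clients matching no view reach the instance on 10.10.10.1 directly.

```shell
#!/bin/sh
# Added example with constructed values; nothing here touches the firewall.
PUBLIC=10.10.10.1   # address all clients are configured to query (from the thread)

# View table: name, client CIDR, address of the unbound instance for that view.
# First row uses the thread's addresses; the second row is an assumed extra view.
views() {
cat <<'EOF'
internal 192.168.1.1/32 10.10.10.2
partner 172.16.5.0/24 10.10.10.3
EOF
}

# One DNAT rule per view and protocol. Matching only port 53 (udp and tcp)
# is an addition to the thread's rule, so other traffic to $PUBLIC is untouched.
# iptables evaluates rules in order, so overlapping CIDRs go to the first match.
nat_rules() {
    views | while read -r name cidr addr; do
        for proto in udp tcp; do
            echo "iptables -t nat -A PREROUTING -s $cidr -d $PUBLIC -p $proto --dport 53 -j DNAT --to-destination $addr"
        done
    done
}

# unbound.conf for the view named in $1. DNAT rewrites only the destination,
# so the instance still sees the real client address and can refuse anyone
# outside the view who reaches its address some other way.
instance_conf() {
    views | while read -r name cidr addr; do
        [ "$name" = "$1" ] || continue
        printf 'server:\n'
        printf '    interface: %s\n' "$addr"
        printf '    access-control: 0.0.0.0/0 refuse\n'
        printf '    access-control: %s allow\n' "$cidr"
        printf '    pidfile: "/var/run/unbound-%s.pid"\n' "$name"
    done
}

nat_rules
instance_conf internal
```

Each generated file would be started as its own process with `unbound -c <file>`.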
