[ale] DNS Questions

Chris Ricker kaboom at gatech.edu
Thu Nov 18 15:09:32 EST 2004


On Thu, 18 Nov 2004, Kevin O'Neill Stoll wrote:

> Also, I seem to remember reading in one of the tldp.org
> how-to's on dns - they mention split dns and how to
> configure. 
> 
> http://www.etherboy.com/dns/chrootdns.html
> http://tldp.org/HOWTO/DNS-HOWTO-10.html - bottom of the
> page, is where I found the link.

It's actually really easy to do split DNS. A simple example is something
like:

view "internal" {
        // here I'm assuming you already have an ACL defined
        // called "internal-addresses"
        match-clients { internal-addresses; };

        // now add your zones, like:
        zone "localhost" IN {
                type master;
                file "internal/localhost.zone";
        };
};

view "external" {
        // "any" is a built-in ACL, so nothing needs to be defined here
        match-clients { any; };

        // now add your zones, like:
        zone "example.com" IN {
                type master;
                file "external/example.com.zone";
        };
};

The basic logic is that you define an ACL to match your inside hosts. Then,
anything that matches that ACL gets served from the "internal" view.  
Everyone, regardless of IP, gets served from the "external" view. With that
scenario, you'd put your public info in the external view, and your
internal-only in the internal view.

You can, of course, get more sophisticated and use non-wild-card ACLs to
create multiple different views.  You can also do things like have 
multiple views providing different records for the same zone:

view "internal" {
        match-clients { some-acl; };
        // ... other options and zones ...
        zone "example.com" IN {
                type master;
                file "internal/example.com.zone";
        };
};

view "external" {
        match-clients { other-acl; };
        // ... other options and zones ...
        zone "example.com" IN {
                type master;
                file "external/example.com.zone";
        };
};

Then, the contents of /var/named/internal/example.com.zone will be used when 
internal hosts query, and the contents of 
/var/named/external/example.com.zone will be used when external hosts 
query....

later,
chris
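
Added example, not part of the original post: named serves each client from the first view, in named.conf order, whose match-clients ACL matches, so the order of the views decides who sees the internal zone file. The small Python model below shows this for the two-view layout above; the address ranges in ACLS are constructed assumptions standing in for "internal-addresses", and the function names are hypothetical.

```python
import ipaddress

# Constructed sample ACLs (assumption: private ranges stand in for
# the "internal-addresses" ACL the post expects you to define).
ACLS = {
    "internal-addresses": ["10.0.0.0/8", "192.168.0.0/16", "127.0.0.0/8"],
    "any": ["0.0.0.0/0", "::/0"],
}

# (view name, match-clients ACL, zone file) in named.conf order.
VIEWS = [
    ("internal", "internal-addresses", "internal/example.com.zone"),
    ("external", "any", "external/example.com.zone"),
]


def acl_matches(acl_name, client_ip, acls=ACLS):
    """True if client_ip falls inside any network of the named ACL."""
    addr = ipaddress.ip_address(client_ip)
    for net in acls[acl_name]:
        network = ipaddress.ip_network(net)
        if addr.version == network.version and addr in network:
            return True
    return False


def select_view(client_ip, views=VIEWS, acls=ACLS):
    """Return (view, zone file) for the first view that matches, else None."""
    for name, acl_name, zone_file in views:
        if acl_matches(acl_name, client_ip, acls):
            return name, zone_file
    return None


def shadowed_views(views=VIEWS):
    """Views listed after a match-clients { any; } view can never be chosen."""
    shadowed, seen_any = [], False
    for name, acl_name, _ in views:
        if seen_any:
            shadowed.append(name)
        seen_any = seen_any or acl_name == "any"
    return shadowed


if __name__ == "__main__":
    for ip in ("192.168.1.20", "203.0.113.7"):
        print(ip, "->", select_view(ip))
    # Listing "external" first hides the internal view from everyone.
    print("shadowed:", shadowed_views(list(reversed(VIEWS))))
```
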


