on Tue, Mar 05, 2002 at 02:00:36PM +0000, Simon wrote:
Just been asked at work if it's possible to setup the DNS server (Bind9 RH6.2), to not only resolve addresses on the public side, but for internal users on a private IP range to have say www.domain.com resolved to a private IP if it's on the internal network..
...
Is this done using acl's ?
Yes, use acls and the view directive. As far as I can remember something like this should work:
acl "internal" { 192.168.0/14; };
view "internal" { match-clients {"internal"; }; zone "domain.com" { type "master"; file "internal.domain.zone"; }; };
view "external" { match-clients { !"internal"; }; zone "domain.com" { type "master"; file "external.domain.zone"; }; };
This is bind9 specific and is covered in bind9 manual in section 6.2.19 and 6.2.20. Keeping the two zone files in sync can be a pain, so using seperate subdomains is a lot nicer and easier to debug.. eg:
zone "domain.com" { ... };
zone "int.domain.com" { allow-query { "internal"; }; ... };