Hi again....

Just been asked at work if it's possible to set up the DNS server (Bind9 RH6.2), to not only resolve addresses on the public side, but for internal users on a private IP range to have say www.domain.com resolved to a private IP if it's on the internal network..

That's not too clear is it... e.g. www.domain.com normally resolves to a public IP, want internal users to resolve it to a private IP...

Is this done using acl's ?

TIA

Simon

P.S. Sorry if it's still not that clear...

on Tue, Mar 05, 2002 at 02:00:36PM +0000, Simon wrote:
> Just been asked at work if it's possible to set up the DNS server (Bind9 RH6.2), to not only resolve addresses on the public side, but for internal users on a private IP range to have say www.domain.com resolved to a private IP if it's on the internal network.. ... Is this done using acl's ?

Yes, use acls and the view directive. As far as I can remember something like this should work:

    // RFC 1918 private block; use your own internal range
    acl "internal" { 192.168.0.0/16; };

    view "internal" {
        match-clients { "internal"; };
        zone "domain.com" {
            type master;
            file "internal.domain.zone";
        };
    };

    view "external" {
        // a negated element only rejects; "any" is what matches everyone else
        match-clients { !"internal"; any; };
        zone "domain.com" {
            type master;
            file "external.domain.zone";
        };
    };

This is bind9 specific and is covered in the bind9 manual in sections 6.2.19 and 6.2.20. Keeping the two zone files in sync can be a pain, so using separate subdomains is a lot nicer and easier to debug, e.g.:

    zone "domain.com" { ... };
    zone "int.domain.com" { allow-query { "internal"; }; ... };

participants (2)
-
Simon -
xs@kittenz.org
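
A small Python model of how named chooses a view for a client, added here as an illustration and not part of either post: views are tried in order, the first matching element of match-clients decides, and a negated match rejects. The acl and view names follow the reply; the helper names and sample addresses are constructed, and the model assumes flat IPv4 acls with no nested negation.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_elem(elem, acls):
    """Return (negated, networks) for one address-match-list element."""
    neg = elem.startswith("!")
    name = elem.lstrip("!").strip('"')
    if name == "any":
        nets = ["0.0.0.0/0"]
    else:
        nets = acls.get(name, [name])      # named acl, or a literal prefix
    return neg, [ipaddress.ip_network(n) for n in nets]

def matches(client, match_list, acls):
    """First matching element decides; a negated match rejects; no match is False."""
    addr = ipaddress.ip_address(client)
    for elem in match_list:
        neg, nets = parse_elem(elem, acls)
        if any(addr in n for n in nets):
            return not neg
    return False

def view_for(client, views, acls):
    """Views are tried in configuration order; None means the query is refused."""
    for name, match_list in views:
        if matches(client, match_list, acls):
            return name
    return None

def too_wide(acls, name):
    """Prefixes in an acl that reach outside RFC 1918 space (public clients
    matching them would be served the internal zone data)."""
    return [n for n in acls[name]
            if not any(ipaddress.ip_network(n).subnet_of(p) for p in RFC1918)]

# Constructed sample configuration mirroring the acl/view layout in the thread
ACLS = {"internal": ["192.168.0.0/16"]}
VIEWS = [("internal", ['"internal"']), ("external", ["any"])]

if __name__ == "__main__":
    for client in ("192.168.10.5", "203.0.113.7"):   # constructed clients
        print(client, "->", view_for(client, VIEWS, ACLS))
    print("too wide:", too_wide({"internal": ["192.168.0.0/14"]}, "internal"))
```

Running the same check against the acl you actually deploy shows whether any public prefix would land in the internal view before the configuration goes live.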