splitting access to DNS zone
Lincoln Yeoh
lyeoh at pop.jaring.nospam.my
Tue Mar 28 15:47:13 UTC 2000
On 27 Mar 2000 15:36:14 -0800, "Dmitri Toubelis" <dtoubelis at home.com>
wrote:
>Hi, Everyone,
>
>I've got one zone for Internet and intranet usage and I would like to
>restrict access to intranet part of records to Intranet users only. Can I do
>this with bind-8.2.2?
Yep. I'm doing it right now. I'm running two nameds on a single machine (in
chrooted environments for a bit better security).
You can put them on separate servers, but I only had one :(.
The intranet named uses the Internet named as forwarder.

Internet named
  External access-
    Only serves external version of mydomain.com (nonrecursively).
    Only serves my IP range (nonrecursively).
  Intranet named access-
    Allows recursive queries for anything.

Intranet named
  serves internal version of mydomain.com
  allows recursive queries for anything.

OK, in theory you don't need the intranet named and just rely on ACLs to
control stuff. However, I'm hoping that in the event the external named gets
cracked, the internal named and other stuff won't be as easily affected.
Nothing in the chroot environment is owned by the named user.
Cheerio,
Link.
****************************
Reply to: @Spam to
lyeoh at @people at uu.net
pop.jaring.my @
*******************************
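
The two-named layout described in the reply above, sketched as BIND 8 named.conf fragments for the two instances. This is an added example, not the poster's actual configuration: the addresses, ACL names, file names, the `forward only` and `allow-transfer` settings, and the intranet-only `allow-query` are assumptions.

```conf
// ==== Internet named: its own named.conf, in its own chroot ====
acl "intranet-named" { 127.0.0.1; 192.0.2.1; 10.0.0.1; };  // this host's own addresses (constructed)

options {
    directory "/var/named";
    listen-on { 192.0.2.1; };               // public address (constructed)
    allow-query { "intranet-named"; };      // default: only the intranet named may query
    allow-recursion { "intranet-named"; };  // recursion only for the intranet named
    allow-transfer { none; };               // assumption: no secondaries pull from here
};

zone "." { type hint; file "root.hints"; };
zone "mydomain.com" {
    type master;
    file "ext/mydomain.com.db";             // external version of the zone
    allow-query { any; };                   // per-zone override: anyone may ask, nonrecursively
};
zone "2.0.192.in-addr.arpa" {               // "my IP range" (constructed)
    type master;
    file "ext/192.0.2.db";
    allow-query { any; };
};

// ==== Intranet named: separate named.conf, separate chroot ====
acl "intranet" { 127.0.0.1; 10.0.0.0/8; };  // intranet clients (constructed)

options {
    directory "/var/named";
    listen-on { 10.0.0.1; };                // internal address only (constructed)
    allow-query { "intranet"; };            // assumption: intranet users only
    allow-recursion { "intranet"; };        // recursive queries for anything
    forwarders { 192.0.2.1; };              // the Internet named is the forwarder
    forward only;                           // assumption: never recurse on its own
    allow-transfer { none; };               // assumption: internal zone is never transferred
};

zone "." { type hint; file "root.hints"; };
zone "mydomain.com" {
    type master;
    file "int/mydomain.com.db";             // internal version, never loaded by the Internet named
};
```

Each instance needs its own `listen-on` address because both bind port 53 on the same machine, and the internal zone file exists only inside the intranet named's chroot, so a compromise of the Internet named does not expose the internal records directly.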
More information about the bind-users mailing list