split DNS for clients through a proxy
Humphrey
ylno-9dnib at telus.net
Sun Jan 13 01:16:54 UTC 2008
Mark Andrews wrote:
>> I need to know if there is a way to create a split forwarding DNS server
>> with BIND 9 such that two groups of client machines are being serviced
>> indirectly by two different external DNS servers. The purpose for this
>> is to use the adult content filtering functionality of OpenDNS for
>> machines used by children and another non-filtering DNS for machines
>> used by adults. Yes, I do understand this is easily done using BIND 9
>> views, but that depends on knowing the client machine's IP address. So
>> here comes the wrinkle... All client machines are configured such that
>> their web browsers go through a Privoxy proxy which resides on the same
>> machine as the forwarding DNS service. The result of this is that client
>> machines do not actually make the DNS queries - Privoxy does this for
>> them, which means the forwarding DNS server only ever sees the queries
>> as coming from its own IP address. The question is whether anyone knows
>> of a way of achieving the split-DNS effect in this scenario.
>>
>> H.
>
> Give the machines different proxies.

Unless I'm overlooking something, two proxies running on the same server
wouldn't help as both would still be querying the DNS from the same IP
address (aka localhost) and are thus indistinguishable. True? Adding a
second machine is something we'd very much like to avoid. Privoxy can
distinguish between clients, so an obvious question to ask is this: Is
there a way to tag a DNS query such that BIND can pick up that
additional information and select a view accordingly?

FWIW, the server in question is running FreeBSD v5.3. In case it has not
become obvious yet, I'm a novice with DNS servers.
H.
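
Added example, not part of the original message or of anyone's actual configuration: a named.conf sketch of the client-address views the post refers to, with comments marking where queries made by a proxy on the same host end up. The LAN ranges, the ACL and view names, and the unfiltered forwarder 192.0.2.53 are constructed placeholders; 208.67.222.222 and 208.67.220.220 are the public OpenDNS resolvers.

```conf
// Constructed address groups: replace with the real client ranges.
acl "kids"   { 192.168.1.32/27; };
acl "adults" { 192.168.1.64/27; };

options {
    directory "/etc/namedb";
    // Only answer the groups above and the server itself.
    allow-query { "kids"; "adults"; localhost; };
};

// Views are tried in order; the first whose match-clients contains the
// query's SOURCE address handles it.
view "filtered" {
    match-clients { "kids"; };
    recursion yes;
    forward only;
    forwarders { 208.67.222.222; 208.67.220.220; };   // OpenDNS
};

view "unfiltered" {
    match-clients { "adults"; };
    recursion yes;
    forward only;
    forwarders { 192.0.2.53; };   // placeholder non-filtering resolver
};

// Lookups made by a proxy on this machine arrive from the server's own
// address, which matches the built-in "localhost" ACL and neither group
// above. Without this view they match no view and are refused; with it,
// every proxied client gets the same forwarders regardless of who is
// behind the proxy. Which forwarders go here is a policy choice; the
// filtered set is shown as the conservative default.
view "proxy-host" {
    match-clients { localhost; };
    recursion yes;
    forward only;
    forwarders { 208.67.222.222; 208.67.220.220; };
};
```

Running named-checkconf against the file validates the syntax before named is reloaded.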