Inverse ACLs / split domains on the same server

Phil Sykes phil.sykes at cwe.cwplc.com
Wed Sep 22 11:08:09 UTC 1999


 Hi,

 I'm proposing to harmonise my organisation's (rather kludgy) RFC1918 DNS
solution in much the same way as the "How to run 'split'
recursive/non-recursive DNS servers on the same host question" thread
suggests.

 What I'm wondering is whether it's possible to have two copies of a zone on
one single server, one of which is queried when an ACL is passed, and one
when it is failed. This is for a forward DNS zone that contains both RFC1918
and public zones.
 On a related note, is it possible to have 'reverse' ACLs, e.g. 'allow
everything BUT 192.168.0.0/16'?

 If the same zone can't be loaded twice, I think the same effect could be
achieved by having two servers on the same box (on separate IP addresses),
both of which consider themselves authoritative for a domain. The 'private'
copy of bind is then configured with an ACL, whilst the public copy isn't.

 Any comments on this?

Phil Sykes
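As an added illustration (not part of the original post), this is how the two questions above map onto BIND 9 syntax: two copies of the same zone name selected by client address via views, and an 'everything BUT RFC1918' ACL built with the `!` negation operator. Views and `!` are BIND 9 features; the zone name and file paths are placeholders.

```conf
// Added example: BIND 9 named.conf sketch, not the original poster's config.
// "example.com" and the zone file names are placeholders.

// RFC1918 space, and its inverse. Order matters inside an ACL: the negated
// entries must come before the catch-all "any", because matching stops at
// the first element that matches.
acl "rfc1918"     { 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };
acl "not-rfc1918" { !rfc1918; any; };

options {
    directory "/var/named";
    recursion no;          // per-view settings below override this
};

// Internal clients get the copy of the zone that contains RFC1918 addresses.
// Views are tried top to bottom; the first whose match-clients matches wins.
view "internal" {
    match-clients { rfc1918; localhost; };
    recursion yes;
    zone "example.com" {
        type master;
        file "internal/example.com.zone";
    };
};

// Everyone else gets the public copy of the same zone name. Using the
// inverse ACL here (rather than "any") means a packet from RFC1918 space
// that somehow falls through is refused instead of being served public data.
view "external" {
    match-clients { not-rfc1918; };
    recursion no;
    zone "example.com" {
        type master;
        file "external/example.com.zone";
    };
};
```

Once any view is defined, every zone (including the root hints) must live inside a view; a zone left at top level will fail the configuration check.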
