weird hack to bind results to ip range?

Mathew A. Hennessy hennessy at cloud9.net
Mon Apr 24 21:29:16 UTC 2000


Hi,
	Due to some network issues beyond my control, I've been asked to
set up our primary (internal + external) bind box to delegate a branch
office's public addresses (run on an external nameserver) to people
querying from outside our VPN, and to delegate their private addresses
(from their internal nameserver) to internal VPN users.  That's to say
that I run foo.tld. and I currently delegate accesses to branch.foo.tld.
to ext.branch.foo.tld. .  What they want now is that if someone comes in
off of one of our VPNs (subnetted 10./8) they want us to delegate to
int.branch.foo.tld. while continuing to point the rest of the world to
ext.branch.foo.tld. .

	I know we need to split our own nameservice, though realistically
since our VPNs are nonroutable it's a lower priority than some of the
other cleanup around here :p but for the time being, is it possible to
set up a zone in the named.conf to provide from multiple zones depending on
incoming IP?  I tried this with sortlist, but it appears to really only be
helpful with round-robin, and doesn't offer the flexibility of "if the
requestor comes from 10./8, serve 'int.foo.tld' else serve 'ext.foo.tld'".

	Just as an aside, a feature like this would also help in the
migration to a split DNS infrastructure, where you can continue to point
to a single server while you split files...

Or is this already possible and I just didn't RTFM closely enough...
topology may do this, but hmm.. maybe if I set the topology to prefer 10/8
addresses... (gotta love monkeying around with primary dns ;)

Cheers,
- Matt
-- 
If it sounds too good to be true, it's probably Linux.
"Fool! There is nothing Perl cannot do! NOTHING!" -Bastich
"You can never entirely stop being what you once were. That's why it's important
to be the right person today, and not put it off till tomorrow." - Larry Wall
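
The behaviour asked about above can be expressed with BIND 9's `view` statement and `match-clients`. This is an added example, not part of the original post, which does not mention views. The ACL name, view names and zone file paths are assumptions, and the glue addresses are placeholders.

```conf
// Added example: split delegation of branch.foo.tld by client source address.
// ACL name, view names and file paths are assumptions for illustration.

acl "vpn-clients" {
    10.0.0.0/8;                  // the VPN range named in the post
};

// Views are tested in order and the first match wins, so the
// narrower internal view must come before the catch-all.
view "internal" {
    match-clients { "vpn-clients"; };
    zone "foo.tld" {
        type master;
        file "internal/foo.tld.db";
        // This copy of the zone delegates to the branch's internal server:
        //   branch      IN NS  int.branch.foo.tld.
        //   int.branch  IN A   <internal-ns-address>   ; glue, placeholder
    };
};

view "external" {
    match-clients { any; };
    zone "foo.tld" {
        type master;
        file "external/foo.tld.db";
        // This copy keeps the existing public delegation:
        //   branch      IN NS  ext.branch.foo.tld.
        //   ext.branch  IN A   <external-ns-address>   ; glue, placeholder
    };
};
```

Once any `view` is defined, every `zone` statement in named.conf has to sit inside a view. Because the internal view is selected purely by source address, packets claiming a 10.0.0.0/8 source should be dropped at the external interface so outside queries cannot match it.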


