DNS for several different organisations

Barry Margolin barmar at bbnplanet.com
Wed Mar 15 21:18:43 UTC 2000


In article <8anrcj$901 at ccnews01.imt.carel.fi>,
Harri <harri.enlund at tietoenator.com> wrote:
>Hello,
>
>I have the following dilemma:
>
>Case: Need to establish DNS-service for several different organisations. I
>have DNS-server for one organisation already (ns1.x.y) and it is also
>authoritative for our own domain (dns.a.b)
>
>Can I establish DNS-service for another organisation into same DNS-server
>(ns1.x.y=dns.a.b) but so that those organisations can't see each other's
>DNS-information? Furthermore I need to see both of those organisation's
>DNS-information for our network monitoring purposes. Maybe the problem is
>that we use the same DNS-server as one of our customers.
>
>I realise I can install several DNS-servers but still those servers must not
>see each other's DNS-information. Only our own DNS-server must be able to
>see DNS-information of our customers.

Each zone in a named.conf file can have its own "allow-query" access list.
So you can configure each zone so just the IP addresses belonging to that
organization and your own organization can access them.

acl "customer1" { 1.1.1.0/24; };
acl "customer2" { 2.2.0.0/16; 3.3.3.0/24; };
acl "provider" { 4.4.4.0/24; };

zone "customer1.com" {
  allow-query { customer1; provider; };
  ...
};

zone "customer2.com" {
  allow-query { customer2; provider; };
  ...
};

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
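
Added example (not part of the original post): a Python check that parses the ACLs and zones from the reply above and confirms that no customer's address range can query another customer's zone, while the provider range can query both. The OWNERS mapping and the helper names are assumptions for illustration; only the acl/allow-query syntax shown in the post is handled, and only source-address matching is evaluated.

```python
import ipaddress
import re

# Constructed input: the ACLs and zones from the post, minus the elided "..." lines.
NAMED_CONF = '''
acl "customer1" { 1.1.1.0/24; };
acl "customer2" { 2.2.0.0/16; 3.3.3.0/24; };
acl "provider" { 4.4.4.0/24; };
zone "customer1.com" {
  allow-query { customer1; provider; };
};
zone "customer2.com" {
  allow-query { customer2; provider; };
};
'''
# Assumption for the example: which ACL name owns which zone.
OWNERS = {"customer1.com": "customer1", "customer2.com": "customer2"}

def items(body):
    return [e.strip().strip('"') for e in body.split(";") if e.strip()]

def parse(conf):
    """Return (acl name -> networks, zone name -> allow-query elements or None)."""
    acls = {n: [ipaddress.ip_network(e) for e in items(b)]
            for n, b in re.findall(r'acl\s+"([^"]+)"\s*\{([^}]*)\}', conf)}
    zones = {}
    for name, body in re.findall(r'zone\s+"([^"]+)"\s*\{(.*?)\n\};', conf, re.S):
        m = re.search(r'allow-query\s*\{([^}]*)\}', body)
        zones[name] = items(m.group(1)) if m else None  # None: no zone-level list
    return acls, zones

def zone_networks(zone, acls, zones):
    """Expand a zone's allow-query list (ACL names or CIDRs) into networks."""
    if zones[zone] is None:
        raise ValueError(zone + ": no allow-query in the zone statement")
    nets = []
    for e in zones[zone]:
        nets.extend(acls[e] if e in acls else [ipaddress.ip_network(e)])
    return nets

def allowed(client, zone, acls, zones):
    """True if the client address matches the zone's allow-query list."""
    addr = ipaddress.ip_address(client)
    return any(addr in n for n in zone_networks(zone, acls, zones))

def cross_tenant_leaks(acls, zones, owners):
    """(tenant, zone) pairs where a tenant's range overlaps another tenant's zone list."""
    return sorted({(t, z) for z, owner in owners.items()
                   for t in set(owners.values()) - {owner}
                   for a in acls[t] for n in zone_networks(z, acls, zones)
                   if a.overlaps(n)})

if __name__ == "__main__":
    acls, zones = parse(NAMED_CONF)
    print(cross_tenant_leaks(acls, zones, OWNERS))
```

A zone statement with no allow-query of its own raises ValueError here, so a zone that silently falls back to the server-wide setting shows up as an error instead of passing the check.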



