Is it possible

Kevin Darcy kcd at daimlerchrysler.com
Tue Sep 26 02:30:37 UTC 2000


No, not as such. In theory, though, you could use BIND 9's
"view" mechanism to make a reasonably easy-to-manage facsimile using
split DNS:

1. Define the same zone in an "external" and an "internal" view.
Obviously the internal view would have query restrictions on it.

2. Maintain the private RR's only in the internal view's version of the
zone.

3. Maintain all of the public RR's in a file which is $INCLUDE'd into
both zone files.

4. Make sure you increment the serial number(s) appropriately whenever
you make changes to the public or private data.

I say "in theory", because I've never actually tested this. BIND 9 has
only recently been released. See the documentation for how "views" work.

With BIND 8, you'd have to actually run separate nameserver instances
for this, listening to different interfaces, which is a pain to
maintain.


- Kevin

EB wrote:

> While using any version of BIND, is it possible
> to allow lookups to only specific portions of
> a particular zone file based on IP address? So
> to allow internal hosts to query all RR's
> while limiting external requests to everything but
> RR X and RR Y queries?
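
The four steps from the reply above, written out as files by a small shell script. This is an added example, not part of the original post and not configuration from its author. The zone name example.com, the addresses, the ACL name, the function name and all file names are constructed assumptions, and the file paths are relative to named's working directory.

```shell
#!/bin/sh
# Added example: writes a constructed split-DNS layout for BIND 9 views.
# example.com, the 192.0.2.x / 10.0.0.x addresses and file names are assumptions.
write_split_dns() {
    dir=$1
    mkdir -p "$dir" || return 1
    # Step 3: public RRs live in one file that both zone files $INCLUDE.
    cat > "$dir/example.com.public" <<'EOF'
www     IN A    192.0.2.10
mail    IN A    192.0.2.25
@       IN MX   10 mail
EOF
    # Steps 1 and 4: each view has its own zone file and SOA, so a change to
    # the shared public file means bumping the serial in BOTH files.
    for v in internal external; do
        cat > "$dir/example.com.$v" <<'EOF'
$TTL 3600
$ORIGIN example.com.
@   IN SOA ns1 hostmaster ( 2000092601 3600 900 604800 3600 )
@   IN NS  ns1
ns1 IN A   192.0.2.53
$INCLUDE example.com.public
EOF
    done
    # Step 2: private RRs are appended only to the internal view's zone file.
    cat >> "$dir/example.com.internal" <<'EOF'
payroll IN A    10.0.0.20
build   IN A    10.0.0.21
EOF
    # Step 1: the same zone in two views. Views are tried in order and the
    # first match wins, so the restricted view must come before "any".
    cat > "$dir/named.conf" <<'EOF'
acl internal-nets { 127.0.0.1; 10.0.0.0/8; };
view "internal" {
    match-clients { internal-nets; };
    zone "example.com" { type master; file "example.com.internal"; };
};
view "external" {
    match-clients { any; };
    zone "example.com" { type master; file "example.com.external"; };
};
EOF
}
# Stand-alone run: write the files to the given directory (default under /tmp).
write_split_dns "${1:-${TMPDIR:-/tmp}/split-dns-example}"
```

Running `named-checkconf -z named.conf` from inside the generated directory makes BIND parse the configuration and load both views' zone files, which catches a broken `$INCLUDE` or a private record that leaked into the shared file.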
