Forwarding for one zone with access control

Michael Kjorling michael at kjorling.com
Sun Dec 9 12:00:05 UTC 2001


Just add the normal zones to the "rbl-plus-forward" view. You might
want to do that with an include file if you are running BIND 9.2.

I have such a setup and it works like a charm for me.


Michael Kjörling


On Dec 8 2001 16:12 -1000, Robert Brewer wrote:

> Next I tried the same thing in BIND 9, which also doesn't work. Then I
> started messing around with views. This does part of what I want:
>
>         view "rbl-plus-forward" {
>                 // match only server subnet and localhost
>                 match-clients {
>                         127.0.0.1;
>                         64.65.64.0/25;
>                 };
>                 // Forward all requests for RBL+ to our special server
>                 zone "rbl-plus.mail-abuse.org" {
>                         type forward;
>                         forward only;
>                         forwarders {
>                                 64.65.64.22;
>                         };
>                 };
>         }; // end view "rbl-plus-forward"
>
>         view "normal" {
>                 match-clients { any; };
>
>         [...all the normal zones here...]
>
>         };
>
> This appears to forward requests for rbl-plus from authorized clients, but
> it also causes requests for other zones from the authorized clients to be
> forwarded (or at least it seems that way since the responses aren't
> authoritative as they should be). It looks like a view matches only on the
> client IP address, but what I really want is a match on the client IP
> address AND the queried domain name. All other queries from the authorized
> clients should be processed normally.
>
> Any ideas would be most appreciated. Mahalo.

-- 
Michael Kjörling  --  Programmer/Network administrator  ^..^
PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e   \/
Internet: michael at kjorling.com -- FidoNet: 2:204/254.4

"There is something to be said about not trying to be glamorous
and popular and cool. Just be real -- and life will be real."
(Joyce Sequichie Hifler, September 13 2001, www.hifler.com)
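
The setup the reply describes, as an added example that is not part of the original messages: both views load the same zone statements from one include file, so clients matched by "rbl-plus-forward" get the forward zone and still receive authoritative answers for the normal zones. The include path and the example.com zone are assumptions made for illustration.

```conf
// Added example, not from the original thread.
// /etc/named/normal-zones.conf (hypothetical path) holds the zone
// statements that used to sit directly in the "normal" view, e.g.:
//   zone "example.com" { type master; file "master/example.com"; };

view "rbl-plus-forward" {
        // Views are tried in the order they appear; a client is placed in
        // the first view whose match-clients list matches its address.
        match-clients {
                127.0.0.1;
                64.65.64.0/25;
        };

        // Only these clients get RBL+ queries forwarded to the special server
        zone "rbl-plus.mail-abuse.org" {
                type forward;
                forward only;
                forwarders {
                        64.65.64.22;
                };
        };

        // Same authoritative zones that every other client sees
        include "/etc/named/normal-zones.conf";
}; // end view "rbl-plus-forward"

view "normal" {
        // Everyone else: no forward zone for RBL+ exists in this view
        match-clients { any; };

        include "/etc/named/normal-zones.conf";
}; // end view "normal"
```

Sharing one include works for master zones, whose files named only reads; a slave zone writes its file, so it needs a distinct file name in each view. Run named-checkconf on the result before reloading.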



