Forwarding for one zone with access control
Michael Kjorling
michael at kjorling.com
Sun Dec 9 12:00:05 UTC 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Just add the normal zones to the "rbl-plus-forward" view. You might
want to do that with an include file if you are running BIND 9.2.
I have such a setup and it works like a charm for me.
Michael Kjörling
On Dec 8 2001 16:12 -1000, Robert Brewer wrote:
> Next I tried the same thing in BIND 9, which also doesn't work. Then I
> started messing around with views. This does part of what I want:
>
> view "rbl-plus-forward" {
> // match only server subnet and localhost
> match-clients {
> 127.0.0.1;
> 64.65.64.0/25;
> };
> // Forward all requests for RBL+ to our special server
> zone "rbl-plus.mail-abuse.org" {
> type forward;
> forward only;
> forwarders {
> 64.65.64.22;
> };
> };
> }; // end view "rbl-plus-forward"
>
> view "normal" {
> match-clients { any; };
>
> [...all the normal zones here...]
>
> };
>
> This appears to forward requests for rbl-plus from authorized clients, but
> it also causes requests for other zones from the authorized clients to be
> forwarded (or at least it seems that way since the responses aren't
> authoritative as they should be). It looks like a view matches only on the
> client IP address, but what I really want is a match on the client IP
> address AND the queried domain name. All other queries from the authorized
> clients should be processed normally.
>
> Any ideas would be most appreciated. Mahalo.
- --
Michael Kjörling -- Programmer/Network administrator ^..^
PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e \/
Internet: michael at kjorling.com -- FidoNet: 2:204/254.4
"There is something to be said about not trying to be glamorous
and popular and cool. Just be real -- and life will be real."
(Joyce Sequichie Hifler, September 13 2001, www.hifler.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Public key is at http://michael.kjorling.com/contact/pgp.html
iD8DBQE8E1JKKqN7/Ypw4z4RAk20AKDGMoAMgkGAI/Q9yCPA9Sh/I2B2ygCeJ7Sy
pbIuuy/e4v7LkcFOdtQLlVU=
=6x2q
-----END PGP SIGNATURE-----
More information about the bind-users
mailing list