BIND serving ppp connections
Jim Reid
jim at rfc1035.com
Thu Mar 31 08:50:30 UTC 2005
>>>>> "Andrew" == Andrew P <infofarmer at gmail.com> writes:
Andrew> Imagine I have one stable interface with one address, say
Andrew> 192.168.17.1. And when ppp clients connect they get
Andrew> 172.17.0/24, while the server gets 172.17.0.1. The catch
Andrew> is that all the clients are on one ethernet with the
Andrew> server and have their local interfaces configured as
Andrew> 192.168.17/24. And they connect via pppoe to authenticate
Andrew> and say use internet. Bind serves only local namespaces
Andrew> to unauthenticated clients (192.168.17/24) and it serves
Andrew> all namespaces to authenticated clients (172.17.0/24).
Andrew> So if I try to advertise 192.168.17.1 as a default
Andrew> nameserver for authenticated clients, they'll access it
Andrew> from unauthenticated IPs, therefore messing up the whole
Andrew> thing :)

No it won't. If you've configured view selection based on the source
address of the query, your setup will work just fine.

Simply configure the name server to listen on its stable interface(s).
This is the *only* sensible approach. Name service on unreliable
network interfaces or ones that change address often guarantees
mountains of needless hassle. Then use views to decide which clients
get to see the local namespace and which don't. That can be done based
on each client's source IP address. You're done.
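
An added example, not part of the original message or of either poster's configuration: a named.conf sketch of the source-address view selection described above, using the address ranges from the thread. The zone name example.lan, the file paths and the use of recursion to stand for "all namespaces" are assumptions.

```conf
// Added example (constructed). Address ranges come from the thread;
// zone name, directory and file names are assumptions.

acl "ppp-clients"   { 172.17.0.0/24; };     // addresses handed out over PPP
acl "ether-clients" { 192.168.17.0/24; };   // plain Ethernet addresses

options {
    directory "/etc/namedb";                // assumed path
    // Bind only to the stable address, never to the per-session
    // PPP interfaces that come and go.
    listen-on { 127.0.0.1; 192.168.17.1; };
};

// Views are tried in order; the first whose match-clients contains the
// query's source address answers it. The address the query was sent TO
// plays no part unless match-destinations is configured.
view "authenticated" {
    match-clients { "ppp-clients"; };
    recursion yes;                          // full namespace
    zone "." { type hint; file "named.root"; };
    zone "example.lan" { type master; file "master/example.lan"; };
};

view "local-only" {
    match-clients { "ether-clients"; localhost; };
    recursion no;                           // local zones only
    zone "example.lan" { type master; file "master/example.lan"; };
};

// No catch-all view: a source address outside both ACLs matches no
// view and the query is refused.
```

The view chosen depends on the source address the server sees on each query. With query logging switched on (rndc querylog), every logged query names the client address and the view it matched, which is the quickest way to confirm that PPP clients arrive from 172.17.0/24.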