BIND serving ppp connections
Barry Margolin
barmar at alum.mit.edu
Thu Mar 31 14:05:21 UTC 2005
In article <d2gdtv$g3d$1 at sf1.isc.org>, Jim Reid <jim at rfc1035.com>
wrote:
> >>>>> "Andrew" == Andrew P <infofarmer at gmail.com> writes:
>
> Andrew> Imagine I have one stable interface with one address, say
> Andrew> 192.168.17.1. And when ppp clients connect they get
> Andrew> 172.17.0/24, while the server gets 172.17.0.1. The catch
> Andrew> is that all the clients are on one ethernet with the
> Andrew> server and have their local interfaces configured as
> Andrew> 192.168.17/24. And they connect via pppoe to authenticate
> Andrew> and say use internet. Bind serves only local namespaces
> Andrew> to unauthenticated clients (192.168.17/24) and it serves
> Andrew> all namespaces to authenticated clients (172.17.0/24).
>
> Andrew> So if I try to advertise 192.168.17.1 as a default
> Andrew> nameserver for authenticated clients, they'll access it
> Andrew> from unauthenticated ip's, therefore messing up the whole
> Andrew> thing :)
>
> No it won't. If you've configured view selection based on the source
> address of the query, your setup will work just fine.
If I understand correctly, the problem is that the clients will use
*different* source addresses depending on the server's address. The
clients are multi-homed, with addresses in the PPP and LAN ranges, and
he has different views for each range. His stable address is in the LAN
range, so if the clients use that server they'll use their LAN address
as the source, and this will result in using the wrong view.
That's why his working solution involved adding a 172.17 address as an
alias for his loopback interface. Now he has a stable address in the
PPP range, so the clients will use a source address that matches the
proper view.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
More information about the bind-users
mailing list