split DNS for clients through a proxy
Humphrey
ylno-9dnib at telus.net
Tue Jan 15 09:04:55 UTC 2008
Mark Andrews wrote:
>> Mark Andrews wrote:
>>>> I need to know if there is a way to create a split forwarding DNS server
>>>> with BIND 9 such that two groups of client machines are being serviced
>>>> indirectly by two different external DNS servers. The purpose for this
>>>> is to use the adult content filtering functionality of OpenDNS for
>>>> machines used by children and another non-filtering DNS for machines
>>>> used by adults. Yes, I do understand this is easily done using BIND 9
>>>> views, but that depends on knowing the client machine's IP address. So
>>>> here comes the wrinkle... All client machines are configured such that
>>>> their web browsers go through a Privoxy proxy which resides on the same
>>>> machine as the forwarding DNS service. The result of this is that client
>>>> machines do not actually make the DNS queries - Privoxy does this for
>>>> them, which means the forwarding DNS server only ever sees the queries
>>>> as coming from its own IP address. The question is whether anyone knows
>>>> of a way of achieving the split-DNS effect in this scenario.
>>>>
>>>> H.
>>> Give the machines different proxies.
>> Adding a
>> second machine is something we'd very much like to avoid. Privoxy can
>> distinguish between clients, so an obvious question to ask is this: Is
>> there a way to tag a DNS query such that BIND can pick up that
>> additional information and select a view accordingly?
>
> You can also use TSIGs to select views.
I see where one can assign TSIGs to instances of BIND, but how does one
cause some specific daemon (e.g. Privoxy) to use a TSIG in its DNS queries?
H.
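
The view selection by TSIG key suggested in the thread, sketched as a `named.conf` fragment. This is an added example, not configuration posted by anyone in the thread, and it covers only the BIND side. It assumes the querying program can sign its queries with the key; the view names, key name, secret, `directory` path and the unfiltered forwarder address are placeholders.

```conf
// Added example: split forwarding by TSIG key instead of by client address.
// Every query here arrives from the local proxy host, so the source IP
// cannot tell the two client groups apart; the signing key can.

options {
    directory "/var/named";      // assumption: adjust to the local layout
    listen-on { 127.0.0.1; };    // only the local proxy needs to reach named
    allow-query { localhost; };
};

// Shared secret for the filtered group. Placeholder value: generate a
// real one (for example with tsig-keygen) and keep this file unreadable
// to other users, since anyone holding the key can select the view.
key "filtered-key" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER-BASE64-SECRET==";
};

// Views are tried in order and the first match wins, so the key-matched
// view must come before the catch-all view.
view "filtered" {
    match-clients { key "filtered-key"; };
    recursion yes;
    forward only;                // never fall back to direct recursion
    forwarders { 208.67.222.222; 208.67.220.220; };   // OpenDNS resolvers
};

// Unsigned queries from the same host land here.
view "unfiltered" {
    match-clients { localhost; };
    recursion yes;
    forward only;
    forwarders { 192.0.2.53; };  // placeholder for the non-filtering resolver
};
```

Unsigned queries fall through to the unfiltered view, so filtering only holds for traffic that is actually signed. `named-checkconf` validates the syntax once a real secret is in place, and `dig -k <keyfile> @127.0.0.1 <name>` sends a signed test query.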