filtering results to subnets

Jerome Haltom wasabi at larvalstage.net
Sat Jul 19 04:20:05 UTC 2008


Yeah, I kind of figured there was no way with BIND. I'm surprised by the
Cisco solution. And that sort of instantly validates my suggestion that
it's feasible to add such a feature to BIND.

Not about to use a Cisco though.

On Fri, 2008-07-18 at 21:04 -0700, Chris Buxton wrote:
> On Jul 18, 2008, at 7:27 PM, Jerome Haltom wrote:
> > I have a desire to filter A records returned to clients that are
> > outside of certain subnets. Basically my zone has a lot of private
> > addresses in it. I'm cool with this.
> >
> > I'd like those private addresses to only be sent to other private
> > addresses. Any non-private address should not receive them.
> 
> There's no way to do this with BIND. However, certain Cisco products  
> can do this kind of thing - modifying your BIND name server's outgoing  
> DNS response on the fly. The Cisco solution only affects UDP queries,  
> and therefore does not affect zone transfers (nor queries over TCP,  
> but these are very rare).
> 
> Chris


