host restriction

John W. Blue john.blue at rrcic.com
Tue May 16 01:35:00 UTC 2023


Zoltan,

There may be another way to make this work but this is what comes to my mind:  ACLs in a view.

https://kb.isc.org/docs/aa-00851

# named.conf
acl google-is-good { 192.168.7.0/24; localhost; };
acl google-is-evil { 192.168.8.0/24; };

view google-good {
    match-clients { google-is-good; };
    allow-recursion { any; };
    forwarders {
        8.8.8.8;
    };
};

view google-evil {
    match-clients { google-is-evil; };
    allow-recursion { any; };
};

You *might* be able to whack the acl down to like a /28 or a /29 while keeping your DHCP scope at a /24.  This will allow you to perform view testing without needing to rip n replace DHCP configs.

John

From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Kereszt Vezeték
Sent: Monday, May 15, 2023 1:58 PM
To: bind-users at lists.isc.org
Subject: host restriction

Hi Everybody

Can someone help me with the following problem?
I have a DNS server in my private network with a local domain. The DNS server forwards the public requests to the Google DNS server. I would like to separate hosts in the inside network.
One group is allowed only to resolve the local hosts, not forward to 8.8.8.8. The other group is allowed to resolve the local hosts and is able to forward to the Google DNS server.
Is there any way to solve this problem with bind9?
Local subnet 192.168.1.0/24
192.168.1.10 allow forward to 8.8.8.8
192.168.1.11 allow forward to 8.8.8.8

192.168.1.20 disable forward 8.8.8.8
192.168.1.21 disable forward 8.8.8.8

Thank you
regards
Zoltan
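
Applied to the four addresses in the original question, where both groups sit in the same 192.168.1.0/24, the view approach could look like the following. This is an added example, not part of either message; the zone name home.example, the file db.home.example and the ACL and view names are placeholders, since the thread does not name the local domain.

```conf
// named.conf fragment (constructed example)
// Per-host ACLs, because both groups share 192.168.1.0/24.
acl forward-hosts { 192.168.1.10; 192.168.1.11; localhost; };
acl local-hosts   { 192.168.1.20; 192.168.1.21; };

// Views are tested in order; the first match-clients hit wins.
// A client matching neither ACL gets no view and its queries are refused.
// Once views are in use, every zone must be declared inside a view.

view "with-forwarding" {
    match-clients { forward-hosts; };
    recursion yes;
    allow-recursion { forward-hosts; };
    forwarders { 8.8.8.8; };
    forward only;              // do not fall back to iterating from the root hints

    zone "home.example" {      // placeholder for the local domain
        type primary;          // spelled "master" on older BIND 9 releases
        file "db.home.example";
    };
};

view "local-only" {
    match-clients { local-hosts; };
    // Authoritative answers only. Leaving recursion on with no forwarders
    // would still resolve public names iteratively via the root hints,
    // just not through 8.8.8.8.
    recursion no;

    zone "home.example" {
        in-view "with-forwarding";   // reuse the zone loaded in the first view
    };
};
```

Running named-checkconf against the file before reloading catches syntax errors and zones left outside a view.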