I'm planning a new BIND9 DNS Server with a special kind of view.
We a have a lot of external zones and public IPv4 addresses. To keep things simple we have a subzone of our external domain just for the internal scope; something like: local.example.com
Our goal is to keep things simple and don't hassle with different example.com zone from the internal and external views.
To do that I must restrict only the local.example.com zone for internal clients. But internal clients should resolve the external addresses to, since we have internal clients with public IPv4 addresses.
Think the internal zone as a set of a Venn Diagram. The external set is inside the internal set, so all zones should be in the internal scope too and unmodified.
The main question can be summarised in this one: can I point the same db zone files in the internal and the external views?
Answer
Just use an acl to limit queries to your internal zone.
acl internal-networks {
10.0.0.0/8;
172.16.0.0/12;
192.168.0.0/16;
};
zone "internal.example.com" {
type master;
file "internal.example.com";
allow-query { internal-networks; };
};
You can add additional IP addresses to the internal-networks acl. It doesn't matter if they are publicly routable or not; whatever you add there can query the zone.
No comments:
Post a Comment