3.18.1 Problem
You want to configure a name server to return different answers to the same query depending on the IP address from which the query is sent.
3.18.2 Solution
Use BIND 9's view mechanism to create multiple versions of the zone that will contain the answer, and use the match-clients substatement to place the addresses of the queriers in the appropriate view.
For example, to have www.foo.example map to the address 192.168.0.10 for internal queries, and to the address 206.168.119.176 for queries from the Internet, create a db.foo.example.internal zone data file that includes this A record:
www.foo.example. IN A 192.168.0.10
Then create a db.foo.example.external zone data file that includes this record:
www.foo.example. IN A 206.168.119.176
Define an access control list in named.conf to match internal IP addresses:
acl internal { 192.168/16; };
Then configure the two versions of the zone in two view statements:
view internal { match-clients { internal; }; zone "foo.example" { type master; file "db.foo.example.internal"; }; }; view external { match-clients { any; }; zone "foo.example" { type master; file "db.foo.example.external"; }; };
3.18.3 Discussion
The first match-clients substatement that matches a querier's address determines which view the querier sees, so queries from addresses that don't match the internal ACL fall through to the external view and are answered from that version of foo.example.
The match-clients substatement defaults to any, so you can leave the substatement out of the external view entirely. However, subtlety is not always a virtue when writing named.conf files, so you might want to use an explicit substatement, as I did here, to make the configuration that much easier to grok.
3.18.4 See Also
If you want the name server to return the same answer, but with the records in a different order, see Section 3.19. If you need to set up a slave name server for zones in multiple views on your primary master -- and you have my sympathy -- brace yourself, then read Section 3.20. For more information on views, see "Views" in Chapter 10 of DNS and BIND.
Getting Started
Zone Data
BIND Name Server Configuration
Electronic Mail
BIND Name Server Operations
Delegation and Registration
Security
Interoperability and Upgrading
Resolvers and Programming
Logging and Troubleshooting
IPv6