Returning Different Answers to Different Queriers

3.18.1 Problem

You want to configure a name server to return different answers to the same query depending on the IP address from which the query is sent.

3.18.2 Solution

Use BIND 9's view mechanism to create multiple versions of the zone that will contain the answer, and use the match-clients substatement to place the addresses of the queriers in the appropriate view.

For example, to have www.foo.example map to the address 192.168.0.10 for internal queries, and to the address 206.168.119.176 for queries from the Internet, create a db.foo.example.internal zone data file that includes this A record:

www.foo.example. IN A 192.168.0.10

Then create a db.foo.example.external zone data file that includes this record:

www.foo.example. IN A 206.168.119.176

Define an access control list in named.conf to match internal IP addresses:

acl internal { 192.168/16; };

Then configure the two versions of the zone in two view statements:

view internal {

 match-clients { internal; };

 zone "foo.example" {
 type master;
 file "db.foo.example.internal";
 };

};

view external {

 match-clients { any; };

 zone "foo.example" {
 type master;
 file "db.foo.example.external";
 };

};

3.18.3 Discussion

The first match-clients substatement that matches a querier's address determines which view the querier sees, so queries from addresses that don't match the internal ACL fall through to the external view and are answered from that version of foo.example.

The match-clients substatement defaults to any, so you can leave the substatement out of the external view entirely. However, subtlety is not always a virtue when writing named.conf files, so you might want to use an explicit substatement, as I did here, to make the configuration that much easier to grok.

3.18.4 See Also

If you want the name server to return the same answer, but with the records in a different order, see Section 3.19. If you need to set up a slave name server for zones in multiple views on your primary master -- and you have my sympathy -- brace yourself, then read Section 3.20. For more information on views, see "Views" in Chapter 10 of DNS and BIND.

Getting Started

Zone Data

BIND Name Server Configuration

Electronic Mail

BIND Name Server Operations

Delegation and Registration

Security

Interoperability and Upgrading

Resolvers and Programming

Logging and Troubleshooting

IPv6



DNS & BIND Cookbook
DNS & BIND Cookbook
ISBN: 0596004109
EAN: 2147483647
Year: 2005
Pages: 220
Authors: Cricket Liu

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net