BIND9 Forwarding by view
Posted by Triztian on Server Fault
Published on 2012-09-13T04:24:58Z
Indexed on 2012/09/13 21:40 UTC
Hi, I think this is a simple issue: I'd like to forward only to certain IPs in the LAN network. For example, I have 2 ACL lists:
    acl "office1" {
        192.168.1.15; // With internet access
    };
    acl "production" {
        192.168.1.101; // No internet access
    };
I know that there probably should be more efficient ways to restrict internet access, but at the moment this is what I'd like to try. Here's what I've tried in named.conf.local:
    // Include my acl definitions
    include "/etc/bind/acls.conf";

    view "no-internet" {
        match-clients { production; };
        include "/etc/bind/named.conf.default-zones";
        zone "localdomain.com" {
            type master;
            file "/etc/bind/db.localdomain.com";
        };
        zone "1.168.192.in-addr.arpa" {
            type master;
            file "/etc/bind/db.192.168.1";
        };
    };

    view "internet" {
        match-clients { office1; };
        include "/etc/bind/named.conf.default-zones";
        forwarders {
            201.56.59.14; // Made Up
            201.56.59.15; // Made Up
        };
        zone "localdomain.com" {
            type master;
            file "/etc/bind/db.localdomain.com";
        };
        zone "1.168.192.in-addr.arpa" {
            type master;
            file "/etc/bind/db.192.168.1";
        };
    };
As you can see, I want a localdomain.com defined for every computer in my network and forward internet access to the computers in the office but not to the ones on the production floor.
I've modified my conf file; however, the IP in the "no-internet" acl is able to resolve the domains, even though I've rebooted the computer, flushed the DNS using ipconfig /flushdns and set my DNS server as the only one. Why is this still happening?
Thanks in advance.
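An added example, not part of the original post or of BIND itself: a small Python audit that reports, per view, whether recursion is effectively enabled and whether forwarders are set. It relies on BIND's default of `recursion yes`, under which a view with no `forwarders` can still resolve external names by iterating from the root hints. `SAMPLE_CONF` and all function names are constructed for illustration; `include` files and `allow-recursion` ACLs are assumed not to change the result and are not evaluated.

```python
import re

# Constructed sample mirroring the question's two views (some zones omitted).
SAMPLE_CONF = '''
view "no-internet" {
    match-clients { production; };   // no forwarders in this view
    zone "localdomain.com" { type master; file "/etc/bind/db.localdomain.com"; };
};
view "internet" {
    match-clients { office1; };
    forwarders { 201.56.59.14; 201.56.59.15; };
};
'''

def strip_comments(text):
    """Drop /* */, // and # comments so braces inside them are not counted."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(?://|#)[^\n]*", "", text)

def blocks(text, keyword):
    """Return (name, body) for each `keyword ["name"] { ... }` statement."""
    found = []
    pattern = r'(?:\A|[;}])\s*%s\b\s*(?:"([^"]*)")?[^{;"]*\{' % keyword
    for m in re.finditer(pattern, text):
        depth, i = 1, m.end()
        while depth and i < len(text):          # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        found.append((m.group(1), text[m.end():i - 1]))
    return found

def recursion_setting(body):
    """Explicit `recursion <bool>;` in this block, or None when unset."""
    m = re.search(r"(?<![\w-])recursion\s+(yes|no|true|false|1|0)\s*;", body)
    return (m.group(1) in ("yes", "true", "1")) if m else None

def audit_views(conf):
    """Map each view name to its effective recursion and forwarders state."""
    conf = strip_comments(conf)
    opts = blocks(conf, "options")
    inherited = recursion_setting(opts[0][1]) if opts else None
    report = {}
    for name, body in blocks(conf, "view"):
        for _, zone_body in blocks(body, "zone"):
            body = body.replace(zone_body, "")   # keep view-level statements only
        rec = recursion_setting(body)
        rec = inherited if rec is None else rec
        report[name] = {"recursion": True if rec is None else rec,  # default: yes
                        "forwarders": bool(re.search(r"\bforwarders\s*\{\s*[^\s}]", body))}
    return report
```

A view reported with `recursion` true and `forwarders` false still answers queries for external names; an explicit `recursion no;` inside that view is what turns the report to false.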