[Pdns-users] Multi-homed DNS?

Norbert Sendetzky norbert at linuxnetworks.de
Fri Aug 29 17:03:14 UTC 2003


On Friday 29 August 2003 18:46, Damian Gerow wrote:
> I want (to have my cake and eat it too) to be able to maintain
> *one* database with *one* set of records for a zone.  But to be
> able to restrict RRs to certain networks.  i.e. I have a domain
> example.org, and I run my internal LAN on that.  I don't want the
> world being able to do DNS lookups for internal workstations, but I
> /also/ don't want to have to maintain two copies of
> www.example.org, ftp.example.org, mx1.example.org, mx2.example.org,
> mx3.example.org, mail.example.org, etc.

Perhaps I have a solution for your problem, but that requires an LDAP 
server:

Set up two instances of PowerDNS accessing a common LDAP server which 
holds your DNS records. The trick is to move your official records to 
one subtree and your private records to another, e.g. 
ou=public,ou=hosts and ou=private,ou=hosts (your SOA record has to 
be below ou=public). Configure your pdns instances to access 
different parts of your tree, e.g. the basedn of your public server 
points to ou=public,ou=hosts and your private server to ou=hosts. Now 
your private server can see all your records while the public server 
can only see records below ou=public,ou=hosts.


Norbert

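An added example, not part of the original post or of PowerDNS: a small Python check of the layout described above, showing which records each instance's basedn exposes and flagging RFC 1918 addresses or a missing SOA below the public subtree. The directory suffix, the sample entries and the attribute names (`associatedDomain`, `aRecord`, `sOARecord`) are assumptions, and DNs with escaped commas are not handled.

```python
import ipaddress

SUFFIX = "dc=example,dc=org"      # constructed directory suffix (assumption)
HOSTS = "ou=hosts," + SUFFIX      # basedn of the private instance
PUBLIC = "ou=public," + HOSTS     # basedn of the public instance
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample entries as (DN, attributes); attribute names are assumed.
ENTRIES = [
    ("dc=example.org," + PUBLIC, {"associatedDomain": "example.org",
     "sOARecord": "ns1.example.org hostmaster.example.org 1 1800 3600 86400 7200"}),
    ("dc=www," + PUBLIC, {"associatedDomain": "www.example.org", "aRecord": "192.0.2.10"}),
    ("dc=ws1,ou=private," + HOSTS, {"associatedDomain": "ws1.example.org", "aRecord": "10.0.0.21"}),
    # Misfiled on purpose: an internal workstation placed in the public subtree.
    ("dc=ws2," + PUBLIC, {"associatedDomain": "ws2.example.org", "aRecord": "10.0.0.22"}),
]

def norm(dn):
    """Split a DN into lower-cased, stripped components."""
    return [part.strip().lower() for part in dn.split(",")]

def in_subtree(dn, base):
    """True if dn is base itself or lies below it (component-wise match)."""
    d, b = norm(dn), norm(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def visible(entries, basedn):
    """Names an instance searching the subtree at basedn could answer for."""
    return [a["associatedDomain"] for dn, a in entries if in_subtree(dn, basedn)]

def audit_public(entries, public_base):
    """Findings for the public subtree: missing SOA, RFC 1918 A records."""
    pub = [a for dn, a in entries if in_subtree(dn, public_base)]
    findings = []
    if not any("sOARecord" in a for a in pub):
        findings.append("no SOA record below " + public_base)
    for a in pub:
        addr = a.get("aRecord")
        if addr and any(ipaddress.ip_address(addr) in net for net in RFC1918):
            findings.append(a["associatedDomain"] + " -> " + addr)
    return findings

if __name__ == "__main__":
    print("public server sees: ", visible(ENTRIES, PUBLIC))
    print("private server sees:", visible(ENTRIES, HOSTS))
    print("public subtree findings:", audit_public(ENTRIES, PUBLIC))
```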


