[Pdns-users] ACL based on source IP
aj.mckee at druid-dns.com
Wed Mar 5 10:05:25 UTC 2014
From your description it appears what you are looking to implement is something akin to BIND views.
This is not possible with a vanilla PDNS instance. However you could overcome this by using a custom backend, say in python that would search a different table space based on the client IP. It sounds difficult, but really its not, and a custom backend is a joyful learning experience.
You could probably do it another way using recursor and multiple pens instances, but I am only guessing here, have never really used recursor.
You could also use IPTABLES here as well, and direct the query to the inside/outside instance of PDNS (You can launch many instances on several different ports all accessing the same database, but you may want to use a custom SQL query if using MySQL as your backend). This may be handy when you want to scale out a little too.
In short, no, but there are many ways to achieve what you want.
On 5 March 2014 at 10:27:41, Andrea Cappelli (a.cappelli at gmail.com) wrote:
I have a PowerDNS instance with many zones
I would create an ACL on the IP from which the request came to
1) reply a different value
2) doesn't reply at all
So for example for record foo.bar I can reply xxx.yyy.zzz.kkk if the
request arrives from an internal server and deny if arrives from an
Pdns-users mailing list
Pdns-users at mailman.powerdns.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Pdns-users