From owner-freebsd-questions@FreeBSD.ORG  Thu Nov  3 07:51:19 2011
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 150B5106564A
	for <freebsd-questions@freebsd.org>;
	Thu,  3 Nov 2011 07:51:19 +0000 (UTC)
	(envelope-from m.seaman@infracaninophile.co.uk)
Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk
	[IPv6:2001:8b0:151:1:3fd3:cd67:fafa:3d78])
	by mx1.freebsd.org (Postfix) with ESMTP id 99D1B8FC12
	for <freebsd-questions@freebsd.org>;
	Thu,  3 Nov 2011 07:51:18 +0000 (UTC)
Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk
	[81.187.76.163]) (authenticated bits=0)
	by smtp.infracaninophile.co.uk (8.14.5/8.14.5) with ESMTP id
	pA37pDO5042660
	(version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO);
	Thu, 3 Nov 2011 07:51:14 GMT
	(envelope-from m.seaman@infracaninophile.co.uk)
X-DKIM: OpenDKIM Filter v2.4.1 smtp.infracaninophile.co.uk pA37pDO5042660
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=infracaninophile.co.uk; s=201001-infracaninophile; t=1320306674;
	bh=VtlVwLccE8TCYbMC8NK6aQf9XfPygv0gx4esvtYFxIE=;
	h=Message-ID:Date:From:MIME-Version:To:CC:Subject:References:
	In-Reply-To:Content-Type;
	b=slhxa7FTepAmr+vqQKmJGDls+f+6tncpJx8+oDl+vcJ0iYYmX8YbXg2z4mvgHIxZw
	D9WQnFoXjzHobMmqxrmJSMB24y1vXs5vu62K4g7A2t40W3gTH8jJeNMPLzmziBlHO5
	yGpgHjTiO+4nokRYTYECzXkbBEIc7wp+Tc0ha2Tc=
Message-ID: <4EB247E7.1010708@infracaninophile.co.uk>
Date: Thu, 03 Nov 2011 07:51:03 +0000
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6;
	rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
MIME-Version: 1.0
To: AN <andy@neu.net>
References: <alpine.BSF.2.00.1111022050300.6875@mail.neu.net>
In-Reply-To: <alpine.BSF.2.00.1111022050300.6875@mail.neu.net>
X-Enigmail-Version: 1.3.2
OpenPGP: id=60AE908C
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="------------enig211D2095B954D7E0E0C150D1"
X-Virus-Scanned: clamav-milter 0.97.3 at lucid-nonsense.infracaninophile.co.uk
X-Virus-Status: Clean
X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_20,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,SPF_FAIL autolearn=no version=3.3.2
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	lucid-nonsense.infracaninophile.co.uk
Cc: freebsd-questions@freebsd.org
Subject: Re: DNS config help
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Nov 2011 07:51:19 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig211D2095B954D7E0E0C150D1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 02/11/2011 20:52, AN wrote:
> I have a question about how to configure DNS.  My local network is 10.x=
,
> and I sometimes need to connect to a remote VPN.  My question is how do=

> I configure BIND to forward queries to a different server only for a
> specific domain.

This sounds like a job for a static-stub domain.  That's a fairly new
feature in BIND, so you may well need to install bind98 from ports.  See
the documentation here:

http://ftp.isc.org/isc/bind9/cur/9.8/doc/arm/Bv9ARM.ch06.html#zone_statem=
ent_grammar

> When I am connected to the VPN, vpn.example.com, I want queries for
> anything going to example.com  to go a specific DNS, and everything els=
e
> on 10.x to go to my regular DNS.  Please let me know if I need to
> provide more info.  Thanks in advance for any help.

Hmmm.... I don't think you're going to have much fun at all if you try
and modify your named configuration depending on whether your VPN is up
or not.  DNS TTLs are generally of the order of days -- that should be
taken as a measure of the minimum time that should go between restarts
of a recursive DNS (ideally, and as a long term average).  Better to
just fail the lookup when the VPN is down.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW


--------------enig211D2095B954D7E0E0C150D1
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6yR/EACgkQ8Mjk52CukIxeFwCfdY24tmHqcd0XMRm4ntZ6olaE
dNMAn02wH6zD3XLzqkZFM5A9n8u7GH9o
=6nsB
-----END PGP SIGNATURE-----

--------------enig211D2095B954D7E0E0C150D1--