From owner-freebsd-questions@FreeBSD.ORG  Thu Nov  3 10:35:53 2011
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 494581065670
	for <freebsd-questions@freebsd.org>;
	Thu,  3 Nov 2011 10:35:53 +0000 (UTC)
	(envelope-from m.seaman@infracaninophile.co.uk)
Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk
	[IPv6:2001:8b0:151:1:3fd3:cd67:fafa:3d78])
	by mx1.freebsd.org (Postfix) with ESMTP id CBD1E8FC0C
	for <freebsd-questions@freebsd.org>;
	Thu,  3 Nov 2011 10:35:52 +0000 (UTC)
Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk
	[81.187.76.163]) (authenticated bits=0)
	by smtp.infracaninophile.co.uk (8.14.5/8.14.5) with ESMTP id
	pA3AZnQF044877
	(version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO)
	for <freebsd-questions@freebsd.org>; Thu, 3 Nov 2011 10:35:49 GMT
	(envelope-from m.seaman@infracaninophile.co.uk)
X-DKIM: OpenDKIM Filter v2.4.1 smtp.infracaninophile.co.uk pA3AZnQF044877
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=infracaninophile.co.uk; s=201001-infracaninophile; t=1320316549;
	bh=bbuazSKUvRVpObYuITHlfNOFRBAy9a9lWdnP7DMQiwc=;
	h=Message-ID:Date:From:MIME-Version:To:Subject:References:
	In-Reply-To:Content-Type:Cc;
	b=JgM9fTlRVA77n27M98h+5iwVmY35SpHkVg2nEalR59YfnNhK6veOCCYlUrn/DdW3K
	0jiWOZxpuzFGMy5SYQs5Rlm4OWXJ+2lDnmyDjS0b3T55dR+FYNkjM0uWPUDg9wW3sW
	ZsNBTN+ekkeQGhG41igEAx+Y2Rjcnms3pu1nkBdM=
Message-ID: <4EB26E7D.3020105@infracaninophile.co.uk>
Date: Thu, 03 Nov 2011 10:35:41 +0000
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6;
	rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
References: <alpine.BSF.2.00.1111022050300.6875@mail.neu.net>
	<4EB247E7.1010708@infracaninophile.co.uk> <4EB2662A.2010609@my.gd>
In-Reply-To: <4EB2662A.2010609@my.gd>
X-Enigmail-Version: 1.3.2
OpenPGP: id=60AE908C
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="------------enig0D14D87DB06F8E2EA54CC339"
X-Virus-Scanned: clamav-milter 0.97.3 at lucid-nonsense.infracaninophile.co.uk
X-Virus-Status: Clean
X-Spam-Status: No, score=-0.6 required=5.0 tests=BAYES_05,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,SPF_FAIL autolearn=no version=3.3.2
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	lucid-nonsense.infracaninophile.co.uk
Subject: Re: DNS config help
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Nov 2011 10:35:53 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig0D14D87DB06F8E2EA54CC339
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 03/11/2011 10:00, Damien Fleuriot wrote:

> You can simply create a forward zone.

Actually, yes, that's a good idea too.  Should have much the same effect
and it's been available in BIND approximately forever.  There's
difference in the niggling details of how it all works, so worth
experimenting with the different possibilities.

>>> When I am connected to the VPN, vpn.example.com, I want queries for
>>> >> anything going to example.com  to go a specific DNS, and everythin=
g else
>>> >> on 10.x to go to my regular DNS.  Please let me know if I need to
>>> >> provide more info.  Thanks in advance for any help.
>> >=20
>> > Hmmm.... I don't think you're going to have much fun at all if you t=
ry
>> > and modify your named configuration depending on whether your VPN is=
 up
>> > or not.  DNS TTLs are generally of the order of days -- that should =
be
>> > taken as a measure of the minimum time that should go between restar=
ts
>> > of a recursive DNS (ideally, and as a long term average).  Better to=

>> > just fail the lookup when the VPN is down.
>> >=20
> Actually, using a view that matches only the VPN's IP range would do th=
e
> trick easily and efficiently.

Views are a way of giving a different answer depending on who is asking
the question -- how does that help the OP when he's always querying from
within his 10.0.0.0/8 network?  He's the client connecting to the VPN her=
e.

--=20
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW


--------------enig0D14D87DB06F8E2EA54CC339
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6yboQACgkQ8Mjk52CukIyfKQCeOVLWj8BDhjv6ViYsTRT1LY8m
HfQAn3E9Wg5JnrkjHsxtywxIJ386sHQn
=Eno8
-----END PGP SIGNATURE-----

--------------enig0D14D87DB06F8E2EA54CC339--