Date:      Sun, 20 Apr 2003 02:24:38 +0400 (MSD)
From:      "."@babolo.ru
To:        Jeremy Chadwick <freebsd@jdc.parodius.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: BIND-8/9 interface bug? Or is it FreeBSD?
Message-ID:  <1050791079.007237.719.nullmailer@cicuta.babolo.ru>
In-Reply-To: <20030419064801.GA11635@parodius.com>

>         The secondary is configured literally identical to the
>         primary, except that the IPs have changed and _all_ of
>         the zones are type slave.
> 
>         I see the exact same problem on the secondary (again,
>         outgoing traffic on the public interface with an IP of
>         the private), except that the src & dst IPs apply to
>         the private IP on the secondary and the WAN IP of the
>         primary, respectively.  Sorry if that's confusing.  :-)
> 
>         Thank you for your below example -- I didn't consider that
>         BIND would do something that "silly" (note quotes), but
>         now it makes sense.
> 
>         I believe removing the query-source option could in fact
>         solve the problem, but there is a specific reason for its
>         existence -- we rely on the MAPS RBL+ service for SBL lookups,
>         which are DNS based.  Permission to the RBL+ service is based
>         on the IP doing the query.  Since the nameserver IPs are
>         IP aliases, if I do not specify this, the queries come from
>         the first IP in the list shown in ifconfig -a.
> 
>         If there's a workaround for this, I'd love to hear it.  :-)
I use different named in different jails for
public and private zones.
Each pair on one host.
The jail guarantees that only the dedicated IP will be used.

possible transfers are:

host1               host2

priv named <---> priv named
    ^                ^
    |                |
    V                V
 pub named <----> pub named

public named knows nothing about private zones
private named is used by clients and
forwards queries to its public partner
on the same host for non-private zones
and has all private zones as master or slave

PS
http://free.babolo.ru/ports/jailup/
to easily establish jailed services
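
A sketch of the two named.conf files for host1 in the layout described above, added here as an illustration and not taken from the original message. All addresses and zone names are constructed placeholders, and letting the public named recurse for its private partner is an assumption about how the forwarding is served.

```conf
// ---- named.conf inside the PRIVATE jail on host1 (jail IP 10.0.0.53, constructed) ----
options {
    directory "/etc/namedb";
    listen-on { 10.0.0.53; };            // the only address the jail owns
    allow-query { 10.0.0.0/8; };         // internal clients only
    recursion yes;
    forward only;                        // never resolve on the Internet directly
    forwarders { 192.0.2.53; };          // public partner on the same host
};

zone "corp.example" {                    // private zone, mastered on host1
    type master;
    file "master/corp.example";
    allow-transfer { 10.0.1.53; };       // private named on host2
};

zone "lab.example" {                     // private zone, mastered on host2
    type slave;
    file "slave/lab.example";
    masters { 10.0.1.53; };
};

// ---- named.conf inside the PUBLIC jail on host1 (jail IP 192.0.2.53, constructed) ----
options {
    directory "/etc/namedb";
    listen-on { 192.0.2.53; };
    allow-query { any; };                // authoritative answers for everyone
    allow-recursion { 10.0.0.53; };      // recursion only for the private partner (assumption)
    // no query-source line: the jail already pins outgoing queries to 192.0.2.53
};

zone "example.org" {                     // public zone; no private zone appears here
    type master;
    file "master/example.org";
    allow-transfer { 198.51.100.53; };   // public named on host2
};
```

With this split, DNS-based blocklist lookups that reach the Internet leave from the public jail's address, so an access list keyed on the querying IP sees one predictable source.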


