BIND-8/9 interface bug? Or is it FreeBSD?
"." at babolo.ru
Sat Apr 19 15:21:44 PDT 2003
> The secondary is configured literally identical to the
> primary, except that the IPs have changed and _all_ of
> the zones are type slave.
>
> I see the exact same problem on the secondary (again,
> outgoing traffic on the public interface with an IP of
> the private), except that the src & dst IPs apply to
> the private IP on the secondary and the WAN IP of the
> primary, respectively. Sorry if that's confusing. :-)
>
> Thank you for your below example -- I didn't consider that
> BIND would do something that ""silly"" (note quotes), but
> now it makes sense.
>
> I believe removing the query-source option could in fact
> solve the problem, but there is a specific reason for its
> existence -- we rely on the MAPS RBL+ service for SBL lookups,
> which are DNS based. Permission to the RBL+ service is based
> on the IP doing the query. Since the nameserver IPs are
> IP aliases, if I do not specify this, the queries come from
> the first IP in the list shown in ifconfig -a.
>
> If there's a workaround for this, I'd love to hear it. :-)
I use different named in different jails for
public and private zones.
Each pair on one host.
Jail guarantees that only the dedicated IP will be used.
Possible transfers are:

      host1                 host2
   priv named  <--->    priv named
       ^                    ^
       |                    |
       V                    V
   pub named   <---->   pub named

Public named knows nothing about private zones.
Private named is used by clients and
forwards queries to its public partner
on the same host for non-private zones
and has all private zones as master or slave.
PS
http://free.babolo.ru/ports/jailup/
to easily establish jailed services
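
A way to check for the symptom discussed in this thread (DNS packets leaving with the wrong local source address), added here as an example and not written by either poster. It assumes modern `tcpdump -n` text output for IPv4; the capture lines, all addresses and the function name are constructed for illustration.

```python
import ipaddress
import re

# Matches tcpdump -n IPv4 lines: "<time> IP <src>.<sport> > <dst>.<dport>: ..."
PKT = re.compile(r"^\S+ IP ((?:\d+\.){3}\d+)\.(\d+) > ((?:\d+\.){3}\d+)\.(\d+):")

# Constructed sample capture from the public interface (documentation addresses).
SAMPLE = """\
15:21:40.100001 IP 192.0.2.10.1045 > 198.51.100.7.53: 4242+ A? example.org. (29)
15:21:40.180002 IP 198.51.100.7.53 > 192.0.2.10.1045: 4242 1/0/0 A 203.0.113.5 (45)
15:21:41.200003 IP 10.0.0.10.1046 > 198.51.100.7.53: 4243+ A? example.net. (29)
15:21:42.300004 IP 192.0.2.11.1047 > 198.51.100.7.53: 4244+ TXT? 2.0.0.127.rbl.example. (39)
15:21:43.400005 IP 192.0.2.10.1048 > 198.51.100.9.25: Flags [S], seq 1, length 0
""".splitlines()

# Assumed host layout: every address shown by ifconfig -a, and the one address
# the public named is supposed to query from (its jail IP / query-source).
LOCAL = ["192.0.2.10", "192.0.2.11", "10.0.0.10"]
EXPECTED = "192.0.2.10"


def wrong_source_dns(lines, local_addrs, expected_src):
    """Return (src, dst) for outbound DNS packets sent from a local address
    other than expected_src (a private IP, or another alias)."""
    local = {ipaddress.ip_address(a) for a in local_addrs}
    expected = ipaddress.ip_address(expected_src)
    hits = []
    for line in lines:
        m = PKT.match(line)
        if not m:
            continue  # not an IPv4 packet line with ports
        src, sport, dst, dport = m.groups()
        if "53" not in (sport, dport):
            continue  # only DNS traffic is of interest here
        src_ip = ipaddress.ip_address(src)
        # Outbound means the source is one of our own addresses; replies from
        # remote servers have a non-local source and are skipped.
        if src_ip in local and src_ip != expected:
            hits.append((src, dst))
    return hits


if __name__ == "__main__":
    for src, dst in wrong_source_dns(SAMPLE, LOCAL, EXPECTED):
        print(f"DNS packet to {dst} left with unexpected source {src}")
```

An empty result after the named processes are split into jails means every outbound DNS packet in the capture used the dedicated address.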