BIND-8/9 interface bug? Or is it FreeBSD?
Paul Schenkeveld
fb-net at psconsult.nl
Sun Apr 20 02:44:36 PDT 2003
Hi Jeremy,
On Sat, Apr 19, 2003 at 03:39:13PM -0700, Jeremy Chadwick wrote:
> I hadn't considered jails -- I can't believe I forgot about
> them. An excellent idea.
>
> For now, I've moved both of my nameservers over to relying
> entirely on the public IP network for transmission of
> everything, and as expected, it works great. I might have
> to try the jail method for the private network!
I've had good results running separate named instances for internal and
external zones within jails for two or three years now.
Reading the last few messages in this thread, another possible solution
came to mind. What about adding host routes for the public address
to send all this traffic over your private network? This does not
limit traffic to DNS; in fact, all traffic between the two machines
will be over your private link whether the private or the public
address is used. Example:
               External subnet, public addresses
---------------+--------------------------------+---------------
               |                                |
               | p.q.r.a                        | p.q.r.b
+----------------------------+   +----------------------------+
|                            |   |                            |
| route add -host \          |   | route add -host \          |
|   p.q.r.b 10.0.0.y         |   |   p.q.r.a 10.0.0.x         |
|                            |   |                            |
|                            |   |                            |
|                            |   |                            |
+----------------------------+   +----------------------------+
               | 10.0.0.x                       | 10.0.0.y
               |                                |
               |                                |
---------------+--------------------------------+---------------
               Internal subnet, private addresses
It might be necessary to adjust your ipfw rules a bit but I seem to
remember you allow all traffic over your private interface.
Regards,
Paul Schenkeveld, Consultant
PSconsult ICT Services BV