DNS config help
Matthew Seaman
m.seaman at infracaninophile.co.uk
Thu Nov 3 10:35:53 UTC 2011
On 03/11/2011 10:00, Damien Fleuriot wrote:
> You can simply create a forward zone.
Actually, yes, that's a good idea too. Should have much the same effect
and it's been available in BIND approximately forever. There's
difference in the niggling details of how it all works, so worth
experimenting with the different possibilities.
>>> When I am connected to the VPN, vpn.example.com, I want queries for
>>> >> anything going to example.com to go a specific DNS, and everything else
>>> >> on 10.x to go to my regular DNS. Please let me know if I need to
>>> >> provide more info. Thanks in advance for any help.
>> >
>> > Hmmm.... I don't think you're going to have much fun at all if you try
>> > and modify your named configuration depending on whether your VPN is up
>> > or not. DNS TTLs are generally of the order of days -- that should be
>> > taken as a measure of the minimum time that should go between restarts
>> > of a recursive DNS (ideally, and as a long term average). Better to
>> > just fail the lookup when the VPN is down.
>> >
> Actually, using a view that matches only the VPN's IP range would do the
> trick easily and efficiently.
Views are a way of giving a different answer depending on who is asking
the question -- how does that help the OP when he's always querying from
within his 10.0.0.0/8 network? He's the client connecting to the VPN here.
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: matthew at infracaninophile.co.uk Kent, CT11 9PW
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 267 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20111103/014cdac6/signature.pgp
More information about the freebsd-questions
mailing list