| 1 |
On Tuesday 23 July 2013 10:25:51 Alan McKinnon wrote: |
| 2 |
> What you want to accomplish is cache-poisoning. There's a few ways to do |
| 3 |
> it, but it's not easy. |
| 4 |
> |
| 5 |
> You can load the customized copy of the zone onto the cache that your |
| 6 |
> internal hosts use, or set up an authoritative internal-only server. |
| 7 |
> |
| 8 |
> This stuff gets tricky, every time I have to investigate our setup that |
| 9 |
> does something similar, I need to work it out in my head all over again. |
| 10 |
> |
| 11 |
> The best advice I can give is DO NOT TRY AND ACCOMPLISH THIS WITH ONE |
| 12 |
> DNS AUTH SERVER THAT SERVES INTERNAL AND EXTERNAL CLIENT. That way lies |
| 13 |
> a whole lotta pain. |
| 14 |
|
| 15 |
I see. This is a trivial feature in Dnsmasq (that's where I got the idea |
| 16 |
from), didn't except it to be this complicated in BIND. |
Archives