-1

It's easy to make a BIND view match certain IPs with the aid of the match-clients directive. But is it possible at all for a view to match not IPs, but users? For example, service a is run under user b, and when it queries BIND, it should get to some predefined view. Something like match-users, if it existed.

Neurotransmitter

2 Answers

4

No. There is no concept of associating identities with DNS packets.

Andrew B

1

You could, assuming that you're using dhcpd, and with some scripting, associate users with either static IPs or DHCP entries. However, depending on what you're trying to achieve, you would likely need to create a separate view for every user. If you're using MS DHCP, I've no idea how those leases are stored, so parsing them for info may become truly prohibitive.

EDIT: Actually, with a little more subconscious gnawing on this idea, it occurred to me that you could actually spin up additional BIND instances attached to different IPs which are then handed to clients via DHCP. This type of thing intrigues me, so if it's a project you wanted to pursue, message me as I might be talked into helping with it.

Rick Buford
  • The idea is to redirect queries from some processes, which are typically run as distinct users, to some views. – Neurotransmitter May 24 '15 at 14:51
  • I was thinking more along the lines of spinning up bind instances tied to virtual IPs based off DHCP leases. That way you could reuse some of the same zone files. – Rick Buford May 25 '15 at 00:39
  • The idea was to use a single BIND instance and its `view` feature. Anyway, since the target services work on 127.0.0.1, there will be no chance to distribute them among these specific BIND instances. – Neurotransmitter May 26 '15 at 14:24