I'm pulling my hair out over this one. I am trying to control/redirect specific traffic to use Google's DNS entries or to use a blackhole zone using BIND9 views on my Ubuntu server.

Pseudo: If request IP address is in LIST A, use Google's DNS... else use blackhole zone.

I have updated my laptop (177.122.109.22) to use my DNS server, but for some reason the view using the "good" acl doesn't get matched.

Here is what I have in my named.conf.local:

acl "good" {
    177.122.109.22; // my laptop IP (made this up)
};

view "can-browse-internet" {
    match-clients { good; };
    zone "." {
            type forward;
            forward only;
            forwarders {
                    8.8.8.8;
                    8.8.4.4;
            };
    };
};

view "cannot-browse" {
    match-clients { any; };
    zone "." in {
            type master;
            file "/etc/bind/db.catchall";
    };
}; 

The query should stick me in the "can-browse-internet" zone, but it's not. What am I missing? Thanks in advance!

2 Answers

match-clients { !good; any; };
Jacob Evans

I think the good acl should include ALL local addresses of the laptop, especially the loopback address(es): 127.0.0.1 and possibly ::1.

Tomek
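
An added example, not part of either answer and not BIND code: a simplified Python model of how named chooses a view (views tried in the order they are defined, first matching element wins inside each address match list), loaded with the ACL and views from the question. The helper names `acl_match` and `select_view` are hypothetical, and the source addresses are constructed.

```python
import ipaddress

# Constructed model of the named.conf.local from the question.
ACLS = {"good": ["177.122.109.22"]}
VIEWS = [  # order matters: the first view whose match-clients matches is used
    ("can-browse-internet", ["good"]),
    ("cannot-browse", ["any"]),
]

def acl_match(elements, addr, acls):
    """Evaluate a BIND-style address match list (simplified model).

    Returns True/False for the first element that matches (False if that
    element is negated with '!'), or None if no element matches at all.
    """
    for raw in elements:
        negated = raw.startswith("!")
        name = raw.lstrip("!").strip()
        if name == "any":
            hit = True
        elif name == "none":
            hit = False
        elif name in acls:
            # A nested ACL counts as a hit only on a positive match.
            hit = acl_match(acls[name], addr, acls) is True
        else:
            hit = addr in ipaddress.ip_network(name, strict=False)
        if hit:
            return not negated
    return None

def select_view(source, views=VIEWS, acls=ACLS):
    """Return the name of the first view whose match-clients accepts source."""
    addr = ipaddress.ip_address(source)
    for view_name, match_clients in views:
        if acl_match(match_clients, addr, acls) is True:
            return view_name
    return None  # no view matched

if __name__ == "__main__":
    # Constructed source addresses: the laptop address from the question,
    # loopback (a query sent on the server itself), and a private address.
    for src in ["177.122.109.22", "127.0.0.1", "::1", "192.168.1.50"]:
        print(f"{src:>15} -> {select_view(src)}")
```

The address that matters is the source address named actually sees on the query, which can be checked against the query log and then fed to `select_view`.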