
Configure DNS ACLs and Views for Selective Client Responses

This guide walks through preparing three hosts, setting up DNS server ACLs, defining BIND views, editing zone files, and testing to ensure the server replies with different IP addresses based on the requesting client.

MaGe Linux Operations

1. Environment Preparation

Prepare three machines with the following network settings:

DNS server (dual NICs): eth0 192.168.10.203, eth1 172.16.2.10

Test machine 1 (dual NICs): eth0 172.16.2.11 (external address)

Test machine 2 (single NIC): eth0 192.168.10.103 (internal address)

Ensure the DNS server is fully installed and operational.

2. Experiment Requirements

(1) The DNS server must only answer queries from test machine 2 and reject those from test machine 1.

(2) Using BIND views, respond to queries for www.mylinux.com with different IP addresses for each test machine.

3. ACL Configuration

Define the ACL at the top of /etc/named.conf and apply it in /etc/named.rfc1912.zones for the mylinux.com zone.

Check the syntax of both files and reload the main configuration, then verify the ACL works by testing from each machine.

4. View Setup

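Edit /etc/named.conf to remove the root zone information: once views are defined, BIND requires every zone statement to sit inside a view, so the root zone can no longer stay at the top level.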

Define two ACLs (details shown in the original images) and edit /etc/named.rfc1912.zones to add two views:

view "work" {
    match-clients { my_work; };
    allow-recursion { my_work; };
    // internal network view
    zone "mylinux.com" IN {
        type master;
        file "mylinux.com.zone";
    };
};

view "my_internet" {
    match-clients { my_internet; };
    allow-recursion { none; };
    // internet view
    zone "mylinux.com" IN {
        type master;
        file "mylinux.com.zone.internet";
    };
};

Also include standard root, localhost, and reverse‑lookup zones as shown in the source.
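
BIND checks views in the order they appear in the configuration and answers from the first one whose match-clients list covers the client, so an overly broad earlier view silently hides the later ones. The following is an added example, not part of the original article: a small IPv4-only Python model of that selection for auditing view order. The ACL ranges are assumptions inferred from the test machine addresses (the article's ACL definitions were only in images), and the function names are hypothetical.

```python
import ipaddress

# Constructed ACL contents: the article's own definitions were in images.
# Ranges are assumed from the addresses of the two test machines.
ACLS = {
    "my_work": ["192.168.10.0/24"],
    "my_internet": ["172.16.2.0/24"],
}
# Views in the order they appear in the configuration above.
VIEWS = [("work", ["my_work"]), ("my_internet", ["my_internet"])]


def expand(match_clients, acls):
    """Resolve ACL names, 'any' and 'none' into a list of IPv4 networks."""
    nets = []
    for item in match_clients:
        if item == "any":
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
        elif item == "none":
            continue
        elif item in acls:
            nets.extend(expand(acls[item], acls))
        else:
            nets.append(ipaddress.ip_network(item))
    return nets


def select_view(client_ip, views, acls):
    """Return the first view whose match-clients covers the client, else None."""
    addr = ipaddress.ip_address(client_ip)
    for name, match_clients in views:
        if any(addr in net for net in expand(match_clients, acls)):
            return name
    return None  # no view matched: named answers REFUSED


def shadowed_views(views, acls):
    """List views whose every network sits inside one network of an earlier view."""
    seen, shadowed = [], []
    for name, match_clients in views:
        nets = expand(match_clients, acls)
        if nets and all(any(n.subnet_of(s) for s in seen) for n in nets):
            shadowed.append(name)
        seen.extend(nets)
    return shadowed
```

The model ignores negated entries (`!`), keys and match-destinations, so treat a clean result as a check on view ordering only.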

5. Zone Files

Create mylinux.com.zone and mylinux.com.zone.internet with the appropriate A records (see source images).

6. Validation and Testing

Check the syntax of the main configuration and zone files, reload BIND, and perform tests:

Test machine 1 receives IPs 172.16.10.100 and 172.168.10.101 for www.mylinux.com.

Test machine 2 receives IPs 192.168.10.100 and 192.168.10.101 for the same host.

The DNS server now correctly distinguishes between internal and external clients using ACLs and views.
