Quote:
Originally Posted by EverydayDiesel
I have been wanting to learn BIND for local dns.
You could use BIND, but there are replacements which may be easier to configure, maintain, manage, and use. One of those is
unbound(8), a caching DNS resolver which moved from ports to the base OS in -current (and the upcoming 5.6) in March. If you're running -release/-stable, unbound is in ports. Michael Lucas has a brief howto on his blog.
Quote:
Can I configure bind to play nice with authpf? If the user is authenticated cache the nslookup (if not, look it up from 4.4.4.4).
Certainly.
Quote:
If the user has not authenticated then route them to some kind of dummy dns?
I wouldn't do this. The client's local resolver may keep using your fake addresses after the client completes authentication. Just use rdr-to, and for applicable traffic, divert-to.
A PF-based solution will not cause problems for an eventually authorized client.
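A constructed sketch of the rdr-to approach described above, pairing an authpf(8) anchor with a local unbound(8) cache that forwards to 4.4.4.4 (added example, not from the post or any OpenBSD manual; the interface names, the 192.0.2.0/24 internal network and the unbound listening address are assumptions):

```conf
# /etc/pf.conf (constructed fragment; interface names and addresses are assumed)
int_if = "em1"                    # assumed internal interface, gateway is 192.0.2.1/24
ext_if = "em0"

set skip on lo

# Default deny. authpf(8) loads each authenticated user's pass rules into
# this anchor, keyed on the user's IP, when they log in over ssh.
block all
anchor "authpf/*"

# Every inside client, authenticated or not, has its DNS redirected to the
# local unbound(8) cache instead of a dummy server, so a client never learns
# fake addresses that its stub resolver would keep after authenticating.
pass in quick on $int_if inet proto { udp tcp } from $int_if:network to any port domain rdr-to 127.0.0.1 port domain

# unbound on the gateway may reach the upstream resolver.
pass out on $ext_if inet proto { udp tcp } to 4.4.4.4 port domain

# /var/unbound/etc/unbound.conf (constructed fragment)
server:
    interface: 127.0.0.1
    # rdr-to rewrites only the destination, so queries still arrive with the
    # client's source address; allow that network or unbound refuses them.
    access-control: 192.0.2.0/24 allow     # assumed internal network
    access-control: 127.0.0.0/8 allow
forward-zone:
    name: "."
    forward-addr: 4.4.4.4                  # upstream from the quoted question
```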