Re: multiple `zone' clauses for a single domain?

Fri, 25 Nov 2011 14:03:27 -0800 

On 25/11/2011 16:59, Marek Kozlowski wrote:
> Is it allowed to use a few `zone' clauses for a single domain? Is
> something like this correct:
> 
> zone "mickey.mouse.com" in {
>         type master;
>         file "pri/mickey-public.zone";
>         allow-query { any; };
>         allow-transfer { xfer; };
> };
> 
> zone "mickey.mouse.com" in {
>         type master;
>         file "pri/mickey-private.zone";
>         allow-query { trusted; };
>         allow-transfer { xfer; };
> };
> 
> where `mickey-public.zone' stores information on public hosts from my
> domain while `mickey-private.zone' stores hosts that should be
> visible/known only for trusted host?

This doesn't work -- you can't mix the data from two different zone
files in this way.  One zone file per zone is the rule. Although that
file can include others, this doesn't really provide scope for the sort
of thing you want to do.

> Should I duplicate all records from `mickey-public.zone' in
> `mickey-private.zone'?

Duplicating records like that is annoying and error prone.  It's a
better strategy to create separate zones for your private internal and
your public data.  So you can have example.com published to the world,
and example.local just for your private stuff.  Or you could create a
sub-domain of your globally published data eg. local.example.com
(Although in this case, if you delegate the private zone from the public
one, the delegation records and any glue will be publicly available,
which may not be desirable.)

> Do I *have* to use views to deal with such distinction or can I specify
> it just as above without views?

If you need to give different answers from the same server depending on
who is asking the question, then, yes, you definitely need views.

        Cheers,

        Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matt...@infracaninophile.co.uk               Kent, CT11 9PW

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to