When you say "alternate zone", do you mean *schizophrenic* (i.e. some leaf-node names resolve to different RDATA between the versions), or do you mean only that the versions bear a subset/superset relation to each other, at least with respect to leaf nodes (SOA/NS records being a different matter)?

We have mostly a subset/superset arrangement, so our solution is for our homegrown frontend (which only deals with leaf nodes) to automatically synchronize the internal version to the external version. A single transaction, from a user perspective, potentially updates both versions of the zone on the backend.

I say "mostly" because some vendors' products (*cough*Microsoft*cough*) have a hard requirement for schizophrenic DNS. Fortunately, we only have a handful of those, treated as special exceptions to our normal processes.

                - Kevin

On 4/9/2014 3:37 AM, Mike Meredith wrote:
Hi!

Using BIND 9.9 here ...

I have a collection of secondaries with various zone masters (the
majority BIND, some ActiveDirectory). Some of the secondary DNS servers
are for internal use only; some are externally visible, but all are
configured with a common configuration file.

I have a need to make _some_ zones visible only internally with an
alternate zone visible externally. But the overwhelming majority of the
zones remain as they are. I guess you could call this "partial
split-view".

I can do this in either of two rather inconvenient ways ... either I
split the configuration of the secondaries with the externally visible
ones configured differently to the internal ones, or I create two views
("internal" and "external") with the overwhelming majority of the zones
defined twice.

Neither option seems appealing.

What I've also tried is to create three views with configurations
like :-

view "default" {
   match-clients { any; };
   recursion no;

   /* The majority of the zones */
};

view "internal" {
   match-clients { internal; };
   recursion yes;

   /* The internal zones */
};

view "external" {
   match-clients { external; };
   recursion no;

   /* The external zones */
};

... so that if a client matches multiple views, it tries each in turn.
However that doesn't seem to work, and the documentation implies that
it won't.

Am I missing something obvious? Such as it should work, but I've
somehow messed up? Or perhaps there's some option I've missed? Or am I
out of luck?
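
Added example (not part of the original messages, and not BIND's own code): a small Python model of view selection, where named answers from the first view whose match-clients matches and tries no later view, applied to the three-view layout quoted above. The ACL contents, client addresses and zone names are constructed for illustration.

```python
import ipaddress

# Constructed ACL contents; the post does not show its "internal"/"external" ACLs.
ACLS = {
    "any": ["0.0.0.0/0"],
    "internal": ["10.0.0.0/8"],
    "external": ["0.0.0.0/0"],
}

def acl_match(acl, client):
    addr = ipaddress.ip_address(client)
    return any(addr in ipaddress.ip_network(net) for net in ACLS[acl])

def select_view(views, client):
    """Return the first view whose match-clients matches; there is no fall-through."""
    for name, acl, zones in views:
        if acl_match(acl, client):
            return name, zones
    return None, set()

def served_locally(views, client, zone):
    """(selected view, whether that view holds the zone) for one client and zone."""
    name, zones = select_view(views, client)
    return name, zone in zones

COMMON = {"example.org", "example.net"}          # constructed "majority" zones
# The three views in the order given in the post.
AS_POSTED = [
    ("default", "any", COMMON),
    ("internal", "internal", {"corp.example"}),
    ("external", "external", {"corp.example"}),
]
# Specific views first: the split zone is reached, the common zones are not.
REORDERED = [AS_POSTED[1], AS_POSTED[2], AS_POSTED[0]]
# Two views with the common zones listed in both (the "defined twice" option).
TWO_VIEWS = [
    ("internal", "internal", COMMON | {"corp.example"}),
    ("external", "external", COMMON | {"corp.example"}),
]

if __name__ == "__main__":
    layouts = [("as posted", AS_POSTED), ("reordered", REORDERED),
               ("two views", TWO_VIEWS)]
    for label, views in layouts:
        for client in ("10.1.2.3", "192.0.2.7"):
            for zone in ("example.org", "corp.example"):
                print(label, client, zone, served_locally(views, client, zone))
```

In the layout as posted every client lands in "default", so neither version of the split zone is ever consulted; reordering only moves the gap to the common zones.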

