We're running the RHEL release of BIND version 9.8.2-0.37.rc1.el6_7.2. My 
environment consists of two slave DNS servers and one master server all running 
BIND. The master name server also runs an application and database that builds 
each zone file, but is not split-horizon compatible. I have a need to resolve a 
single name to an IP address differently for internal and external clients.

I would like to change as little as possible without making this change too 
kludgy. We've developed a potential solution that I wanted to run by this 
group. Our solution is to create a new sub-domain within our domain, say 
xxx.test.mydomain.com. I want xxx.test.mydomain.com to resolve to a private 
address internally, and a public Internet IP externally, for a voice 
application. Our proposed solution is:

        - Slave servers are authoritative for mydomain.com and test.mydomain.com
        - No change to the master name server
        - Create the new subdomain test.mydomain.com on both slave DNS servers
          and store two copies of the zone file locally (manually updated when
          necessary), one for each view. Each slave DNS server is a local
          master for this one zone only.
        - Modify slave named.conf configuration to use BIND Views, creating two
          views, one for internal and one for external and an ACL to
          distinguish the clients
        - Declare each zone and its master name server in both views.
        - The internal view declaration will use the internal copy of the zone
          file and the external view will use the external copy.
        - All other zones will continue to be updated from the master name
          server as they do now.

One particular concern we have is with zone transfers from the master name 
server, which has not been configured for multiple views. Will the slave DNS 
server store separate copies of each zone, do we need to name the local file 
differently for each view, and can the single zone transfer from the master 
update both views simultaneously? Here is a partial configuration from one of 
the slave name servers to explain the scenario:

/etc/named.conf:

view "internal" {
    match-clients { internals; };

    zone "test.mydomain.com" {
        type master;
        file "data/int_test.mydomain.com";
    };

    # other slave zones
    zone "yyy.mydomain.com" {
        type slave;
        file "data/yyy.mydomain.com";   # <== Can the filename for local copy of a slave zone be the same for both views?
        masters {
            172.26.1.1;
        };
    };
};

view "external" {
    match-clients { external; };

    zone "test.mydomain.com" {
        type master;
        file "data/ext_test.mydomain.com";
    };

    # other slave zones
    zone "yyy.mydomain.com" {
        type slave;
        file "data/yyy.mydomain.com";
        masters {
            172.26.1.1;
        };
    };
};

-Mike
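
A check for the shared-filename case asked about above, as an added example that is not part of the original post. It assumes each view keeps its own instance of a slave zone and writes its own transferred copy, so one path listed in two views means two writers for one file; the function names and the sample config (constructed from the post's layout, ACLs omitted) are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample following the layout in the post (ACL definitions omitted).
SAMPLE = '''
view "internal" {
    match-clients { internals; };
    zone "test.mydomain.com" { type master; file "data/int_test.mydomain.com"; };
    # other slave zones
    zone "yyy.mydomain.com" {
        type slave;
        file "data/yyy.mydomain.com";
        masters { 172.26.1.1; };
    };
};
view "external" {
    match-clients { external; };
    zone "test.mydomain.com" { type master; file "data/ext_test.mydomain.com"; };
    zone "yyy.mydomain.com" {
        type slave;
        file "data/yyy.mydomain.com";
        masters { 172.26.1.1; };
    };
};
'''

def blocks(text, keyword):
    """Yield (name, body) for every brace-matched `keyword "name" { ... }`."""
    for m in re.finditer(r'\b%s\s+"([^"]+)"[^{;]*\{' % keyword, text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def shared_slave_files(conf):
    """Map each slave zone file used by more than one view to its (view, zone) users."""
    conf = re.sub(r'/\*.*?\*/', '', conf, flags=re.S)   # drop /* ... */ comments
    conf = re.sub(r'(#|//).*', '', conf)                # drop # and // comments
    users = defaultdict(set)
    for view, vbody in blocks(conf, 'view'):
        for zone, zbody in blocks(vbody, 'zone'):
            ztype = re.search(r'\btype\s+(\w+)\s*;', zbody)
            zfile = re.search(r'\bfile\s+"([^"]+)"\s*;', zbody)
            if ztype and zfile and ztype.group(1) in ('slave', 'secondary'):
                users[zfile.group(1)].add((view, zone))
    return {f: sorted(u) for f, u in users.items() if len({v for v, _ in u}) > 1}

if __name__ == '__main__':
    for path, used_by in shared_slave_files(SAMPLE).items():
        print(path, 'is written by', used_by)
```

Master zone files are not reported, since named only reads them; giving each view its own slave file name (for example with the int_/ext_ prefixes already used for test.mydomain.com) clears the finding.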