As I understand it, bind_dlz does not support multiple views. I have the following scenario and am trying to figure out how to configure it:

 * Internal (192.168.10.0/24)
     o resolve internal domain xyz.com
     o resolve internal samba domain xyz.lab
     o resolve single address xyz.3cx.us to 192.168.10.25
 * External is resolved by a different server and xyz.3cx.us resolves
   to a public address
 * VPN (10.9.0.0/24)
     o resolve internal domain xyz.com
     o resolve internal samba domain xyz.lab
     o resolve single address xyz.3cx.us via normal public dns or
       alternatively resolve to external address

I initially set this up with views:

    acl internals { 192.168.10.0/24; 192.168.11.0/24; localhost; };
    acl vpn   { 10.9.0.0/24; };

    view trusted {
        match-clients { internals; };
        zone "MYDOMAIN.com" IN { type master; file "/etc/bind/db.MYDOMAIN.com"; allow-update { none; }; };
        zone "3cx.us" IN { type master; file "/etc/bind/db.3cx.us"; allow-update { none; }; };
    };

    view vpn {
        match-clients { vpn; };
        zone "MYDOMAIN.com" IN { type master; file "/etc/bind/db.MYDOMAIN.com"; allow-update { none; }; };
    };

But this crashes as soon as I add:

    dlz "AD DNS Zone" {
        database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_18.so";
    };

So I split out DNS from the ADDC, configured bind on the DC to forward to another DNS server and set up views there, but that doesn't work either, as all requests now come from the IP of the DC and so the ACLs won't match.

Any ideas how I can accomplish this?

Peter
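The following is an added example, not code from Peter's post or from ISC or Samba. It models how named evaluates match-clients for the two views above (first matching view wins, elements inside an address-match list are tried in order, and a leading "!" rejects) and then shows the forwarding problem described in the post: once the DC forwards, the view server only ever sees the DC's own source address. The DC address 192.168.10.2 and the expansion of "localhost" to 127.0.0.0/8 and ::1 are assumptions.

```python
"""Model of BIND view selection for the named.conf in the post (added example)."""
import ipaddress
from typing import Dict, List, Optional

# Named ACLs copied from the post. The "localhost" entry is expanded here
# by assumption; in named it is a built-in ACL for the server's own addresses.
ACLS: Dict[str, List[str]] = {
    "internals": ["192.168.10.0/24", "192.168.11.0/24", "localhost"],
    "vpn": ["10.9.0.0/24"],
    "localhost": ["127.0.0.0/8", "::1/128"],
}

# Views in configuration order. named hands a query to the first view whose
# match-clients list matches the client's source address; later views are
# never consulted for that client.
VIEWS = [("trusted", ["internals"]), ("vpn", ["vpn"])]

# Assumed address the DC uses as source when it forwards queries.
DC_FORWARDER_IP = "192.168.10.2"


def acl_match(elements: List[str], ip: str) -> bool:
    """Evaluate an address-match list the way BIND does.

    Elements are tried in order; the first element that matches decides the
    result, and a leading "!" turns that decision into a rejection. Elements
    may be prefixes, single addresses, "any", "none" or the name of another ACL.
    """
    addr = ipaddress.ip_address(ip)
    for elem in elements:
        negate = elem.startswith("!")
        body = elem[1:].strip() if negate else elem
        if body == "any":
            hit = True
        elif body == "none":
            hit = False
        elif body in ACLS:
            # A nested ACL that rejects simply does not match here; keep going.
            hit = acl_match(ACLS[body], ip)
        else:
            net = ipaddress.ip_network(body, strict=False)
            hit = addr.version == net.version and addr in net
        if hit:
            return not negate
    return False


def select_view(source_ip: str) -> Optional[str]:
    """Return the name of the first view whose match-clients matches, or None
    when no view matches (named would then refuse the query)."""
    for name, match_clients in VIEWS:
        if acl_match(match_clients, source_ip):
            return name
    return None


def view_seen_by_server(client_ip: str, forwarder_ip: Optional[str] = None) -> Optional[str]:
    """View chosen when the client queries directly, or via a forwarder.

    A forwarding resolver (here the DC) sends upstream queries from its own
    address, so the view server never sees the original client address.
    """
    source = forwarder_ip if forwarder_ip else client_ip
    return select_view(source)


if __name__ == "__main__":
    # Constructed sample clients: one LAN host, one VPN host, one stranger.
    for client in ("192.168.10.50", "10.9.0.7", "203.0.113.9"):
        direct = view_seen_by_server(client)
        forwarded = view_seen_by_server(client, DC_FORWARDER_IP)
        print(f"{client:15} direct -> {direct!s:8} via DC -> {forwarded}")
```

Run it and the VPN client lands in the "vpn" view when it queries the view server directly but in "trusted" once the DC forwards on its behalf, which is exactly the ACL mismatch Peter reports; the stranger gets no view at all either way.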

-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.
