On Fri, 31 Jan 2014 12:56:56 +0100, Jakob Schlyter wrote:
> Ramanou,
>
> Something like this should work:
>
> view "unsigned" {
> match-clients { 10.0.0.2; }; # match signer only
>
> zone "example.com" {
> type master;
> file "/var/named/unsigned/example.com";
> };
> };
>
> view "signed" {
> match-clients { any; }; # match anyone else
>
> zone "example.com" {
> type slave;
> masters { 10.0.0.2; };
> file "/var/named/signed/example.com";
> };
> };I recently built a BIND config very similar to this. Rather than using match-clients in each view, I gave each view its own IP address and used match-destinations. This means you can query the signed and unsigned views remotely, which is handy for debugging and monitoring. G. -- Gavin Brown Chief Technology Officer CentralNic Group plc (LSE:CNIC) Innovative, Reliable and Flexible Registry Services for ccTLD, gTLD and private domain name registries https://www.centralnic.com/ CentralNic Group plc is a company registered in England and Wales with company number 8576358. Registered Offices: 35-39 Moorgate, London, EC2R 6AR.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
