Implementing Views : root and loopback
Walker Simon-SWALKER1
swalker at metrowerks.com
Tue Dec 10 13:11:45 UTC 2002
Hi everyone,
I am reading about the use of views in DNS 9.22rc1 and see that this is a good security feature.
What I wanted to ask was about the loopback and root hint zone.
In O'Reilly there is an example of using views and it says that "if you configure even one view statement, all your zone statements must appear with explicit views".
The example:
options {
    directory "/var/named";
};

// ACL name must match the one referenced in match-clients below
acl "fx-subnet" { 192.168.254/24; };

view "internal" {   // internal view of our zones
    match-clients { "fx-subnet"; };

    zone "fx.movie.edu" {
        type master;
        file "db.fx.movie.edu";
    };

    zone "254.168.192.in-addr.arpa" {
        type master;
        file "db.192.168.254";
    };
};

view "external" {   // view of our zones for the rest of the world
    match-clients { any; };   // implicit
    recursion no;             // outside of our subnet, they shouldn't be
                              // requesting recursion

    zone "fx.movie.edu" {
        type master;
        file "db.fx.movie.edu.external";   // external zone data file
    };

    zone "254.168.192.in-addr.arpa" {
        type master;
        file "db.192.168.254.external";    // external zone data file
    };
};
So the question is what do I do with the "0.0.127.in-addr.arpa" and "." zone?
Do I need to add them to each view, both internal and external? Or keep them only for the internal view?
As I write this I think the internal view...am I wrong?
Regards,
Si.
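
Added example, not part of the original post: a small Python check for the rule quoted above, that once any view statement exists every zone statement must sit inside a view. The function names, the sample configuration and its file names (db.cache, db.127.0.0) are constructed for illustration.

```python
import re

TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

def strip_comments(text):
    # named.conf accepts /* */, // and # comments. Assumes no comment
    # markers occur inside quoted strings.
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def zones_by_view(conf):
    """Map each view name to its zones; key None holds zones outside views."""
    tokens = TOKEN.findall(strip_comments(conf))
    found, depth, view = {}, 0, None
    for i, tok in enumerate(tokens[:-1]):
        if tok == "{":
            depth += 1
        elif tok == "}":
            depth -= 1
            if depth == 0:
                view = None          # closed a top-level block
        elif tok == "view" and depth == 0:
            view = tokens[i + 1].strip('"')
            found.setdefault(view, [])
        elif tok == "zone" and depth == (0 if view is None else 1):
            found.setdefault(view, []).append(tokens[i + 1].strip('"'))
    return found

def zones_outside_views(conf):
    """Zones that break the rule: views exist, yet these sit outside them."""
    found = zones_by_view(conf)
    has_views = any(name is not None for name in found)
    return found.get(None, []) if has_views else []

# Constructed sample: two views plus root hint and loopback zones left outside.
SAMPLE = '''
options { directory "/var/named"; };
view "internal" {
    match-clients { 192.168.254/24; };
    zone "fx.movie.edu" { type master; file "db.fx.movie.edu"; };
};
view "external" {
    match-clients { any; };
    recursion no;   // comment with zone "ignored.example" { in it
    zone "fx.movie.edu" { type master; file "db.fx.movie.edu.external"; };
};
zone "." { type hint; file "db.cache"; };
zone "0.0.127.in-addr.arpa" { type master; file "db.127.0.0"; };
'''

if __name__ == "__main__":
    print("zones outside any view:", zones_outside_views(SAMPLE))
```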