Getting default version.bind with views
Bill Larson
wllarso at swcp.com
Wed May 22 18:21:40 UTC 2002
I have set up BIND-9.2.1 using views to provide separate internal and
external DNS information. Now, I would like to provide access to the
"version.bind" and "authors.bind" information also, but in a protected
manner.
I want my internal systems to be able to access this info, but I would
like to provide different info to external queries. I have been
following the "Secure BIND Template"
(http://www.enteract.com/~robt/Docs/Articles/secure-bind-template.html
- thank you Rob!) and have created a separate zone file for the
"*.bind" zone, My internal systems can get what is provided in this
zone while external systems are blocked. In my "named.conf" file I
have:
view "public-chaos" chaos {
match-clients { any; };
recursion no;
zone "." {
type hint;
file "/dev/null";
};
zone "bind" {
type master;
file "hints/db.bind";
allow-query{ internal-hosts; };
allow-transfer { none; };
};
};
But, these results aren't exactly what I want. I would much prefer to
have this "public-chaos" view available to anyone that is not one of my
internal systems, where I can specify exactly what "version.bind" and
"authors.bind" information is provided, and provide the BIND supplied
information for this same information to my internal systems.
I can see that I can create two views for the chaos class for providing
different "bind" zone information to internal and external hosts. But
these separate internal and external views would require that I create
zone files for this information. Is it possible to provide the BIND
built in information for the ".bind" domain for some zones while
creating another view which provides differnt "*.bind" information to
everyone else?
Thank you,
Bill Larson
More information about the bind-users
mailing list