"catch all" view?
Barry Finkel
b19141 at achilles.ctd.anl.gov
Mon Sep 23 14:46:22 UTC 2002
Brian Korver <briank at briank.com> wrote:
> It doesn't appear that we can define a "global" view, but I
> thought I'd ask anyways....
>
> I want to define two views: "everyone" and "internals".
> The zones in "everyone" should be available to absolutely
> everyone, including the folks in "internals". However,
> it appears that the first match-client prevails, such
> that any client will only see one view: there are no
> unions of views.
>
>For the sake of this example, let's say that I want the
>following views:
>
> everyone briank.com
> internals briank.com and briank.com.local
>
>I looked in the list archives and in the docs at
>http://www.nominum.com/resources/documentation/Bv9ARM.pdf
>and both seem to say that I need to define the views with
>the common information repeated, like:
>
> acl internals { 127.0.0.1; };
>
> view "internals" {
> match-clients { internals; };
> zone "briank.com.local" {...}
> zone "briank.com" {...} # duplicated below
> };
>
> view "everyone" {
> match-clients { any; };
> zone "briank.com" {...}
> };
>
>but that requires putting identical zones into multiple views.
>Yuck.
>
>Is there anyway to specify a view that is completely global,
>so that I don't have to put the zones that are available
>to absolutely everyone in each and every specific view?
>I know it's not (currently) legal, but I'd love the syntax:
>
> acl internals { 127.0.0.1; };
>
> // briank.com is exported to absolutely everyone
> zone "briank.com" {...}
>
> view "internals" {
> match-clients { internals; };
> zone "briank.com.local" {...} # 10.0.0/24
> };
>
>Am I asking for too much?
If you do not want to put identical zones into multiple views, do as
I did. Move those zone definitions that need to appear in each view
into a separate file
named.conf.non-views
and then
$include "named.conf.non-views';
in the parent named.conf file in each view. I have no problems with
this, but I am not sure that the BIND-supplied script
named-checkconf
reads $include files. I seem to remember someone posting recently that
it did not, but that is a minor problem.
----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-4601
Building 222, Room D209 Internet: BSFinkel at anl.gov
Argonne, IL 60439-4828 IBMMAIL: I1004994
More information about the bind-users
mailing list