views and zone overlap

Barry Margolin barmar at alum.mit.edu
Thu Jul 14 00:43:32 UTC 2005 

In article <db261n$66m$1 at sf1.isc.org>, /dev/rob0 <rob0 at gmx.co.uk> 
wrote:

> I've wanted to mess with zones for quite some time, and being mentioned 
> in another thread I finally started to look at the documentation. But 
> I'm wondering about something I didn't see in the BIND 9 ARM, so I 
> suppose it's not possible ...
> 
> ... I have [for example] example.net. I want to have local clients given 
> dynamic DNS assignments in example.net, and I want to have my external 
> zone serving example.net to the world. The local view, a dynamic zone, 
> would only have the DHCP clients, internal hosts and aliases. The public 
> view, a static zone, would have my Internet hosts.
> 
> Can the local view fall back on the public one for resolving my Internet 
> hostnames? It appears that I have to duplicate the public zone data in 
> the local zone. Am I missing something? Is there an easy workaround to 
> do this transparently?

Put the common data in a separate file, and use $INCLUDE in the zone 
files for both views.

> It's worse than just having to edit two files. My public SOA is a 
> different machine than my local SOA. And of course editing a dynamic 
> zone file is rather ugly in and of itself.

Now you've got me confused.  If the servers for the two versions of the 
zone are different machines, why are you talking about using views?  
Views are normally used when one machine is supposed to be authoritative 
for two versions of the same zone.

How often do the records in your public version of the zone change, 
anyway?  For most organizations there are just a handful of public 
entries and their addresses rarely change, so it's not that big a deal 
to duplicate them in your private version of the zone.

One case where this could be problematic is if your web site is being 
hosted by a third party, who manages the public DNS for example.net.  
They might need to update the IP to reflect server migrations, and 
keeping your private DNS in sync could be difficult.  What you could 
possibly do is put NS records in the private zone that point to the 
external servers that hold the public version of the zone.  E.g.

www IN NS ns1.hosting.com.
    IN NS ns2.hosting.com.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***

More information about the bind-users mailing list