what needs to go in an "external" view?

Mark Andrews Mark_Andrews at isc.org
Tue Mar 29 00:38:38 UTC 2005


> In article <d294af$2eu5$1 at sf1.isc.org>, <aklist_bind at enigmedia.com> 
> wrote:
> 
> > Hi All:
> > 
> > I've split up my config file into two views, one for my internal subnet and
> > one for the rest of the world.
> > 
> > In my internal view, I have the following files:
> > 
> > 127.0.0.0. reverse zone
> > 192.168.1.0 reverse zone
> > local host zone
> > hints zone
> > + locally referenced zones
> > 
> > In my external view, I have all the public zone data I'm authoritative for.
> > 
> > Question is, do I also need any of the files in my internal zone copied into
> > the external one? My sense is that they're only relevant to the local NS
> > itself, and not any other server?
> 
> Your sense is correct.  The only things that need to be in the external 
> view are zones that are actually delegated to your server.  If an 
> external machine is querying your server for anything else, it's at best 
> a mistake, and at worst a potential attack.

	
	This is not necessarily complete.  For NOTIFY to work
	authoritative servers need to look up the addresses of the
	other servers for the zones being served.  This may require
	the server to perform an iterative lookup so hints would be
	required in that case.

	Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org


