what needs to go in an "external" view?
aklist_bind at enigmedia.com
Tue Mar 29 15:08:24 UTC 2005
>> > Hi All:
>> >
>> > I've split up my config file into two views, one for my internal subnet
>> > and one for the rest of the world.
>> >
>> > In my internal view, I have the following files:
>> >
>> > 127.0.0.0. reverse zone
>> > 192.168.1.0 reverse zone
>> > local host zone
>> > hints zone
>> > + locally referenced zones
>> >
>> > In my external view, I have all the public zone data I'm authoritative for.
>> >
>> > Question is, do I also need any of the files in my internal zone copied
>> > into the external one? My sense is that they're only relevant to the local
>> > NS itself, and not any other server?
>>
>> Your sense is correct. The only things that need to be in the external
>> view are zones that are actually delegated to your server. If an
>> external machine is querying your server for anything else, it's at best
>> a mistake, and at worst a potential attack.
>
>
> This is not necessarily complete. For NOTIFY to work,
> authoritative servers need to look up the addresses of the
> other servers for the zones being served. This may require
> the server to perform an iterative lookup, so hints would be
> required in that case.
>
> Mark
Thanks Mark, so what you're saying is that I should also have the root hints
file in my external view?
TIA,
AK
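
The two-view layout discussed in this thread, written out as an added named.conf example (not part of the original messages). The ACL name, example.com, the reverse zone names and all file names are assumed placeholders; the external view carries only the delegated zones plus the hints Mark mentions for NOTIFY address lookups.

```conf
// Added example: every name, address range and file path here is a placeholder.
acl "internal-nets" { 127.0.0.1; 192.168.1.0/24; };

// Views are matched in order, so the internal view must come first.
view "internal" {
    match-clients { "internal-nets"; };
    recursion yes;                       // local clients may resolve anything

    zone "." { type hint; file "named.root"; };
    zone "localhost" { type master; file "localhost.zone"; };
    zone "0.0.127.in-addr.arpa" { type master; file "127.0.0.rev"; };
    zone "1.168.192.in-addr.arpa" { type master; file "192.168.1.rev"; };
    // ... plus the locally referenced zones
};

view "external" {
    match-clients { any; };
    recursion no;                        // outside clients get authoritative data only

    // Hints: used by named itself when it has to look up the addresses
    // of the other servers for a zone (NOTIFY), not to serve clients.
    zone "." { type hint; file "named.root"; };

    // Only zones that are actually delegated to this server.
    zone "example.com" { type master; file "external/example.com.zone"; };

    // No localhost, 127.x or 192.168.1.x zones here: a query for those
    // from outside is a mistake at best and gets no internal data.
};
```

With recursion no in the external view, named can still perform its own internal lookups such as NOTIFY address resolution; running named-checkconf against the file confirms the view syntax before reloading.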