what needs to go in an "external" view?
Mark Andrews
Mark_Andrews at isc.org
Tue Mar 29 23:10:17 UTC 2005
> >> > Hi All:
> >> >
> >> > I've split up my config file into two views, one for my internal subnet
> >> > and one for the rest of the world.
> >> >
> >> > In my internal view, I have the following files:
> >> >
> >> > 127.0.0.0. reverse zone
> >> > 192.168.1.0 reverse zone
> >> > local host zone
> >> > hints zone
> >> > + locally referenced zones
> >> >
> >> > In my external view, I have all the public zone data I'm authoritative
> >> > for.
> >> >
> >> > Question is, do I also need any of the files in my internal zone copied
> >> > into the external one? My sense is that they're only relevant to the local
> >> > NS itself, and not any other server?
> >>
> >> Your sense is correct. The only things that need to be in the external
> >> view are zones that are actually delegated to your server. If an
> >> external machine is querying your server for anything else, it's at best
> >> a mistake, and at worst a potential attack.
> >
> >
> > This is not necessarily complete. For NOTIFY to work
> > authoritative servers need to look up the addresses of the
> > other servers for the zones being served. This may require
> > the server to perform an iterative lookup so hints would be
> > required in that case.
> >
> > Mark
>
> Thanks Mark, so what you're saying is that I should also have the root hints
> file in my external view?
> TIA,
> AK
>
Yes.
You also want to disable recursion.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org