BIND views and slaves
Brian Schang
bind at lists.schang.net
Sun Sep 5 18:58:02 UTC 2010
Hello:
I am a hobbyist and am using BIND 9.5 on my Linux system. I run my own
DNS server as a master server for my own domains and as a slave for my
friend's domains (we are each other's backup). I would like to start
using views so that I can have a different zone definition within and
outside of my LAN.
BIND is working fine with the master zones. However I don't think that I
have the slaves set up properly, and actually I'm not sure whether BIND
can do what I want/need. In summary I need the same slave zone
definition in both my internal and external view.
Excerpts from my named.conf file:
acl internal {
    127.0.0.0/8;       # localhost;
    192.168.69.0/24;   # My internal subnet;
};
view "internal" {
    match-clients { internal; };
    zone "." in {
        type hint;
        file "root.hint";
    };
    zone "localhost" in {
        type master;
        file "localhost.zone";
    };
    zone "0.0.127.in-addr.arpa" in {
        type master;
        file "127.0.0.zone";
    };
    zone "schang.net" {
        type master;
        #notify yes;
        file "master/schang.net.internal";
    };
    zone "n8hqg.mi.org" {
        type slave;
        file "slave/n8hqg.mi.org";
        masters { 68.253.102.9; };
    };
};
view "external" {
    match-clients { !internal; any; };
    zone "." in {
        type hint;
        file "root.hint";
    };
    zone "localhost" in {
        type master;
        file "localhost.zone";
    };
    zone "0.0.127.in-addr.arpa" in {
        type master;
        file "127.0.0.zone";
    };
    zone "schang.net" {
        type master;
        notify yes;
        file "master/schang.net.external";
    };
    zone "n8hqg.mi.org" {
        type slave;
        file "slave/n8hqg.mi.org";
        masters { 68.253.102.9; };
    };
};
I want n8hqg.mi.org to have the same content in both the internal view
and in the external zone. My concerns:
(1) When n8hqg.mi.org sends an update notification, it will be received
by my external view and the internal will not be updated. Is this true?
(2) I have defined n8hqg.mi.org to use the same zone file in both my
internal and external view. Will named get confused by this? Will the
cache (in memory) get out of sync with the file contents?
In googling, I see that one solution is to use another IP address to
force update notifications to work properly. As a hobbyist, I don't
have extra externally addressable IP addresses. I'm not sure this will
work for me.
Bottom line -- is it possible for me to have an internal view and an
external view (driven by schang.net), but yet keep the slave for
n8hqg.mi.org in sync?
Any comments and advice are appreciated.
Thank you.
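Added example, not part of the original message: a small Python check for the condition raised in concern (2), a slave zone file path that more than one view uses. named rewrites a slave zone's file after each transfer and each view transfers independently, so such a path has more than one writer. The parser is a simplified tokenizer for named.conf (an assumption of this sketch: no comment markers inside quoted strings), and the sample input is constructed from the excerpt above.

```python
import re
# Constructed sample: the two views from the excerpt above, reduced to two zones each.
SAMPLE = '''
view "internal" {
    zone "schang.net" { type master; file "master/schang.net.internal"; };
    zone "n8hqg.mi.org" { type slave; file "slave/n8hqg.mi.org"; masters { 68.253.102.9; }; };
};
view "external" {
    zone "schang.net" { type master; file "master/schang.net.external"; };
    zone "n8hqg.mi.org" { type slave; file "slave/n8hqg.mi.org"; masters { 68.253.102.9; }; };
};
'''
WRITABLE = {"slave", "secondary"}  # zone types whose file named rewrites after a transfer
TOKEN = re.compile(r'"([^"]*)"|[{};]|[^\s{};"]+')

def tokenize(text):
    """Strip /* */, // and # comments, then split into words, strings and punctuation."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    text = re.sub(r"(#|//).*", " ", text)
    return [m.group(1) if m.group(1) is not None else m.group(0) for m in TOKEN.finditer(text)]

def zones(text):
    """Return one dict per zone statement: its view, name, and type/file options."""
    toks, out, view, zone, depth, i = tokenize(text), [], None, None, 0, 0
    while i < len(toks):
        t = toks[i]
        if t == "{":
            depth += 1
        elif t == "}":
            depth -= 1
            if zone and depth == zone["depth"]:   # closing brace of the zone block
                out.append(zone); zone = None
            view = view if depth else None        # back at top level: the view ended
        elif t == "view" and depth == 0:
            view = toks[i + 1]; i += 1
        elif t == "zone" and zone is None:
            zone = {"view": view or "(no view)", "name": toks[i + 1], "depth": depth}; i += 1
        elif zone and depth == zone["depth"] + 1 and t in ("type", "file"):
            zone[t] = toks[i + 1]; i += 1         # option directly inside the zone block
        i += 1
    return out

def shared_writable_files(text):
    """Map each slave zone file used by more than one (view, zone) to its users."""
    users = {}
    for z in zones(text):
        if z.get("type") in WRITABLE and "file" in z:
            users.setdefault(z["file"], set()).add((z["view"], z["name"]))
    return {f: sorted(u) for f, u in users.items() if len(u) > 1}
```

For the sample, shared_writable_files(SAMPLE) reports slave/n8hqg.mi.org as used by both the external and the internal view; the two schang.net master files differ per view and are not reported.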