transfer with views

Gary Wallis wgg1970 at gmail.com
Sat Jan 1 15:15:28 UTC 2011


Alan Clegg wrote:
>...
>> Given choices, I think I'm in agreement with you:  I'd choose to not do
>> views.
>>
>> Based on the posts here, the OP is going to do views.  The best thing to
>> do is provide the best method of replicating those views to the machines
>> that are providing slave services without using external applications.
>>
>> If it were me and I had no other choice than to use views, I'd get into
>> the system and re-wire everything using BIND 9.7.2 and write a set of
>> scripts that used "rndc addzone" and "rndc delzone" to control the
>> master and all of the slaves, configure TSIG keys to manage zone
>> transfers between hosts, etc.
>>
>>> Cheers!
>>
>> and Happy New Year!
>>
>> May 2011 be the best one before we all perish in the fires of whatever
>> is going to happen in 2012!  :)
>>
>> AlanC
> Much thanks! I will look into the TSIG key method for view transfers, 
> and see if the very conservative (but that I am stuck with) CentOS BIND
> version supports it.
> 
> Cheers!
> Gary

Found it in a Mark Andrews post:

http://www.mail-archive.com/bind-users@lists.isc.org/msg03593.html

Main snippet:

"The general and robust solution is:

         acl allviewkeys { key A; key B; key C; key D; };
         match-clients { key A; !allviewkeys; subnet A; }
         match-clients { key B; !allviewkeys; subnet B; }
         match-clients { key C; !allviewkeys; subnet C; }
         match-clients { key D; !allviewkeys; subnet D; }

This is easily expandable to many views without having to touch
each view when a new view is added.  The order of the match-clients
acl is important."

Cheers!
Gary
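
Added example, not part of the original post or of Mark Andrews' message: a small Python model of how the quoted match-clients lists are evaluated, showing why the element order matters. It assumes BIND's first-match rule for address match lists (a matching negated element rejects the request for that view); the subnets and the misordered variant are constructed for illustration.

```python
import ipaddress

# Constructed sample data: key names follow the post, subnets are assumptions.
ALLVIEWKEYS = {"A", "B", "C", "D"}
SUBNETS = {
    "A": ipaddress.ip_network("192.0.2.0/26"),
    "B": ipaddress.ip_network("192.0.2.64/26"),
    "C": ipaddress.ip_network("192.0.2.128/26"),
    "D": ipaddress.ip_network("192.0.2.192/26"),
}

def acl_match(elements, src, key):
    """First-match evaluation of an address match list.

    Returns True (accepted), False (rejected by a negated element)
    or None (no element matched).
    """
    for negated, kind, value in elements:
        if kind == "key":        # request signed with this TSIG key
            hit = key == value
        elif kind == "keys":     # nested acl made only of key elements
            hit = key in value
        else:                    # "net": source address inside the subnet
            hit = ipaddress.ip_address(src) in value
        if hit:
            return not negated
    return None

def robust(view):
    # match-clients { key X; !allviewkeys; subnet X; }
    return [(False, "key", view), (True, "keys", ALLVIEWKEYS),
            (False, "net", SUBNETS[view])]

def misordered(view):
    # Hypothetical variant: same elements, subnet moved to the front.
    return [(False, "net", SUBNETS[view]), (False, "key", view),
            (True, "keys", ALLVIEWKEYS)]

def select_view(build, src, key=None):
    """Return the first view whose match-clients accepts the request."""
    for view in "ABCD":
        if acl_match(build(view), src, key):
            return view
    return None

if __name__ == "__main__":
    slave = "192.0.2.10"  # a slave that happens to sit inside subnet A
    for k in (None, "A", "B", "D"):
        print(k, select_view(robust, slave, k), select_view(misordered, slave, k))
```

With the quoted ordering, a transfer signed with key B reaches view B even when the slave's address lies in subnet A; with the subnet element first, the same request is captured by view A.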


