Clients Matching Multiple Views

Brian Cuttler brian at wadsworth.org
Thu Apr 10 14:08:19 UTC 2014 

I had something similar a while back.

view 1
{
include external tables
include common tables
}

view 2
{
include internal tables
include common tables
}

Read that as tables for ONLY-internal or ONLY-external view.

I define each entry exactly once, also pushing stuff off to
the common include means I don't have to have two entries for
the same machine (one per view).

On Wed, Apr 09, 2014 at 08:37:20AM +0100, Mike Meredith wrote:
> Hi!
> 
> Using BIND 9.9 here ...
> 
> I have a collection of secondaries with various zone masters (the
> majority BIND, some ActiveDirectory). Some of the secondary DNS servers
> are for internal use only; some are externally visible, but all are
> configured with a common configuration file. 
> 
> I have a need to make _some_ zones visible only internally with an
> alternate zone visible externally. But the overwhelming majority of the
> zones remain as they are. I guess you could call this "partial
> split-view". 
> 
> I can do this in either of two rather inconvenient ways ... either I
> split the configuration of the secondaries with the externally visible
> ones configured differently to the internal ones, or I create two views
> ("internal" and "external") with the overwhelming majority of the zones
> defined twice.
> 
> Neither option seems appealing.
> 
> What I've also tried is to create three views with configurations
> like :-
> 
> view "default" {
>   match-clients { any; };
>   recursion no;
> 
>   /* The majority of the zones */
> };
> 
> view "internal" {
>   match-clients { internal; };
>   recursion yes;
> 
>   /* The internal zones */
> };
> 
> view "external" {
>   match-clients { external; };
>   recursion no;
> 
>   /* The external zones */
> };
> 
> ... so that if a client matches multiple views, it tries each in turn.
> However that doesn't seem to work, and the documentation implies that
> it won't. 
> 
> Am I missing something obvious? Such as it should work, but I've
> somehow messed up? Or perhaps there's some option I've missed? Or am I
> out of luck?
> 
> -- 
> Mike Meredith, University of Portsmouth
> Principal Systems Engineer, Hostmaster, Security, and Timelord!
>  
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
---
   Brian R Cuttler                 brian.cuttler at wadsworth.org
   Computer Systems Support        (v) 518 486-1697
   Wadsworth Center                (f) 518 473-6384
   NYS Department of Health        Help Desk 518 473-0773

More information about the bind-users mailing list