Need secure_zone, where did it go (bind 8)

Jim Reid jim at mpn.cp.philips.com
Fri Oct 29 18:34:52 UTC 1999


>>>>> "James" == James T Kirk <manfred at telco-tech.de> writes:


    James> From the "Bind Operators Guide": " secure zones ...  This
    James> feature can be used to ...  separate internal and
    James> external internet address resolution on a firewall machine
    James> without needing to run a separate named for internal and
    James> external address resolution."

    James> This is exactly what I need, but I can't find any reference
    James> to the mentioned option SECURE_ZONE in the bind sources.

Well Captain Kirk, IIRC SECURE_ZONE was a compilation option in the
now long dead BIND4 release. The Bind Operator's Guide that is shipped
in the BIND8 tarball is for BIND4. (Sigh.) [We went back in time
because Mr. Spock overloaded the dilithium crystals when we were at
warp 8.] You can get similar functionality from BIND8's allow-query
and allow-transfer clauses in named.conf's options{} statement.

If you do want to separate internal and external name spaces and
resolution, you probably should use split DNS. This is easy to do with
BIND8: configure one name server process to listen only on the external
interface of the firewall and set up another process to only listen on
the firewall's internal interface. Look at the listen-on clause.

Scotty.
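
The split-DNS layout described in the reply above, sketched as an added example (not part of the original message or of the BIND distribution). The file paths, the example.com zone, the zone file names and the 192.0.2.1 / 10.0.0.1 / 192.0.2.53 addresses are assumptions; each file is loaded by its own named process, for instance with `named -c <file>`.

```conf
// ---- /etc/named.external.conf (assumed path): public view ----
options {
    directory "/var/named/external";      // assumed directory
    pid-file "/var/run/named.external.pid";
    listen-on { 192.0.2.1; };             // firewall's external interface only
    allow-query { any; };                 // anyone may ask about public data
    allow-transfer { 192.0.2.53; };       // assumed external secondary only
    recursion no;                         // authoritative answers only
};

zone "example.com" in {
    type master;
    file "db.example.com.public";         // holds only publicly visible hosts
};

// ---- /etc/named.internal.conf (assumed path): internal view ----
acl internal { 10.0.0.0/8; 127.0.0.1; };  // assumed internal address space

options {
    directory "/var/named/internal";      // assumed directory
    pid-file "/var/run/named.internal.pid";
    listen-on { 10.0.0.1; 127.0.0.1; };   // firewall's internal interface only
    allow-query { internal; };            // refuse queries from outside
    allow-transfer { none; };             // no zone transfers from this view
};

zone "example.com" in {
    type master;
    file "db.example.com.internal";       // full internal host list
};

// The two processes must not share per-process files: the pid-file is
// set explicitly above, and any other such file must differ as well.
```

The allow-query and allow-transfer lines restrict who can read each view, while listen-on keeps each process bound to one side of the firewall.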

