More on BIND 9.1, Views, and Zone Transfers

D. J. Bernstein 75628121832146-bind at sublist.cr.yp.to
Fri Feb 9 22:04:53 UTC 2001


BIND company employee Jim Reid writes:
> BTW, since when did djbdns implement something like views?

djbdns has had something like views since version 0.75 a year ago.

djbdns now has a much better mechanism than views. Each line of data has
an optional location code. The line is visible only to clients in that
location. You can, for example, create private records that are visible
only to your own DNS caches; you don't have to create a second file with
a copy of the public records.

http://cr.yp.to/djbdns/faq/tinydns.html#differentiation

> private data will leak to the outside if it's
> put in the public version of a zone.

As I said, that's one of many flaws in the zone-transfer concept.

With server replication, everything works automatically. New zones on
the first server are copied to the second server. Location codes on the
first server are copied to the second server. The bottom line is that
clients receive the same responses from both servers.

> non-standards compliant

The great thing about standards is that there are so many of them to
choose from. It's not my fault that your company is ignoring modern
protocols such as ssh and rsync.

---Dan
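
The location-code behaviour described in the message above, as a simplified Python model added here; it is not part of the original post and not djbdns code. It assumes the `%lo:ipprefix` and `+fqdn:ip:ttl:timestamp:lo` line formats from the tinydns-data documentation, handles IPv4 only, and uses constructed names and addresses.

```python
# Simplified model of tinydns-data location codes (added illustration).
# Only '%' (location) and '+' (A record) lines are handled.

# Constructed sample data: one public record, one record that differs by
# location, and one private record visible only to internal clients.
DATA = """\
%in:192.168
%ex
+www.example.com:203.0.113.10
+mail.example.com:192.168.1.25:::in
+mail.example.com:203.0.113.25:::ex
+db.example.com:192.168.1.50:::in
"""

def parse(data):
    """Return ({octet-prefix tuple: lo}, [(fqdn, ip, lo)])."""
    locations, records = {}, []
    for line in data.splitlines():
        if not line or line[0] == "#":
            continue
        fields = line[1:].split(":")
        if line[0] == "%":
            prefix = fields[1] if len(fields) > 1 else ""
            # An empty prefix (as in "%ex") matches every client.
            locations[tuple(p for p in prefix.split(".") if p)] = fields[0]
        elif line[0] == "+":
            fields += [""] * (5 - len(fields))  # fqdn:ip:ttl:timestamp:lo
            records.append((fields[0], fields[1], fields[4]))
    return locations, records

def client_location(locations, client_ip):
    """A client is in exactly one location: the longest matching prefix wins."""
    octets = tuple(client_ip.split("."))
    for n in range(4, -1, -1):
        if octets[:n] in locations:
            return locations[octets[:n]]
    return None

def answers(data, client_ip, fqdn):
    """A records for fqdn that are visible to client_ip."""
    locations, records = parse(data)
    lo = client_location(locations, client_ip)
    # A record with no location code is visible to everyone.
    return [ip for name, ip, rlo in records if name == fqdn and rlo in ("", lo)]
```

A single data file serves both views: the `db.example.com` line is never returned to a client outside the `in` prefix, and the public `www` line is not duplicated.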

