VIEW feature in BIND 9

Jim Reid jim at rfc1035.com
Fri Jul 20 18:07:06 UTC 2001


>>>>> "Tony" == Tony Shah <tony_shah at hotmail.com> writes:

    Tony> has anyone had any success with the Views feature with BIND
    Tony> 9?  If so could you take a look at my post on 7/16/2001 and
    Tony> help me out.

    Tony> I can't get the internal vs. external type feature to work
    Tony> properly, especially with slave nameservers.

This sort of question has been asked and answered before. Consult the
bind9-users list archives. In BIND9 a view is just a representation of
a zone that's tagged by IP address. The source address of a query
determines which view, if any, they get to see for a given zone. For
instance the outside world sees a different example.com zone from that
seen by the internal users on Example Ltd's private network. Zone
transfers are just another type of DNS query. So if a slave server is
on the outside, they see and transfer the zone defined in the external
view for example.com. If they're on the internal network, they do
likewise for the internal view. It's as simple as that.

If the slave server is serving both the internal and external views
(why?), the transfer requests need to be tagged with the correct IP
addresses. For the transfer of the external version, a transfer-source
clause is included in the external view to set the IP address for
those transfer queries to come from an "external" address. The same
thing will be needed with an internal IP address to get the internal
view. By default, the server picks the best source address for the
transfer request, which might not be the right one for a given view.

Ordinarily, this situation should not arise. An external slave name
server is usually on the outside network anyway, typically at the ISP,
where it always gets the external view for the zone. Similarly
internal servers will only see the internal view when they transfer
the zone. If you think about it, the question you're really asking is
"how can I make one server use distinct source addresses when
transferring different zones?".  [Each view of a zone is a discrete
zone in its own right.] That's what the transfer-source clause is for.

There has been discussion about writing up an extension to the zone
transfer protocol so that they can explicitly request a given view.
But AFAIK so far nobody seems to care enough to make the time to write
this up and propose it at IETF.
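
The setup described in the message above, written out as an added example that is not part of the original post: one slave holding both views of example.com and using a per-view transfer-source so the master hands it the right version. All addresses and file names are constructed for illustration (master at 10.0.0.1 and 192.0.2.1, slave at 10.0.0.53 and 192.0.2.53), and the allow-transfer lines are an added restriction the post does not mention.

```conf
// ---- master named.conf (constructed addresses: 10.0.0.1 inside, 192.0.2.1 outside) ----
view "internal" {
    match-clients { 10.0.0.0/8; };       // queries and transfers arriving from inside
    zone "example.com" {
        type master;
        file "internal/example.com.db";
        allow-transfer { 10.0.0.53; };   // only the slave's internal address
    };
};
view "external" {
    match-clients { any; };              // every source not matched above
    zone "example.com" {
        type master;
        file "external/example.com.db";
        allow-transfer { 192.0.2.53; };  // only the slave's external address
    };
};

// ---- slave named.conf (the slave owns both 10.0.0.53 and 192.0.2.53) ----
view "internal" {
    match-clients { 10.0.0.0/8; };
    transfer-source 10.0.0.53;           // master sees an inside source: internal view
    zone "example.com" {
        type slave;
        masters { 10.0.0.1; };
        file "slave/internal/example.com.db";   // one file per view: each is its own zone
    };
};
view "external" {
    match-clients { any; };
    transfer-source 192.0.2.53;          // master sees an outside source: external view
    zone "example.com" {
        type slave;
        masters { 192.0.2.1; };
        file "slave/external/example.com.db";
    };
};
```

Without the transfer-source lines the slave picks its own source address per transfer, so both views can end up holding the same copy of the zone; comparing the SOA serial and a record that differs between the two versions in each view is a quick way to confirm the right one arrived.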

