Split Namespace question.
Kevin Darcy
kcd at daimlerchrysler.com
Mon Nov 5 23:50:34 UTC 2001
Barry Margolin wrote:
> In article <9s6ti6$3jn at pub3.rc.vix.com>,
> Cinense, Mark <macinen at sandia.gov> wrote:
> >
> >I get it now... so is it possible to, since I have a namserver on the
> >outside, and inside of my firewall to set up the outside nameserver with
> >defined views, and the internal nameservers with a single view? Does this
> >make sense, I really do not care at this point of zonefile management at
> >this point, since my zonefiles are generated by another server from a
> >database anyway.
>
> I don't understand why the outside nameserver would need multiple views.
> It should only receive queries from the Internet, so it will just have the
> public zone. Internal clients will only query the internal nameserver.
I can think of a reason one might want multiple views even on an "external"
nameserver: the nameserver *itself* might want to generate lookups, and one might
want to define a "private" view for those because a) one doesn't want external
clients lunching off one's nameserver cache, and/or b) some of those lookups might
be in a "private" namespace (sure, one could define stub zones and slap
"allow-query"s on them, but then the existence of those zones would be given away
by the REFUSED responses, so they wouldn't be totally hidden from prying eyes).
- Kevin
More information about the bind-users
mailing list