nsupdate in a multi-view environment

Thomas H Jones II ferric at xanthia.com
Tue Nov 19 21:13:22 UTC 2002


In article <arda5u$70tr$1 at isrv4.isc.org>,
Simon Waters  <Simon at wretched.demon.co.uk> wrote:
>
>Thomas H Jones II wrote:
>> 
>> Is there any way that I can force nsupdate to use the loopback interface
>> for the exterior updates and the internal interface for the interior
>> updates?
>
>Match destination might work (I haven't tried it) if you have
>multiple interfaces (or at least multiple IP addresses), but I
>don't do views. Views never gave me the impression of being
>completely worked through, and the average admin has enough pain
>without them, remember those who will come after you.

Ok, guess I wasn't clear on this. I was attempting to do nsupdates
from the same host that the DMZ DNS runs on. A match-destination might
work, if I were able to configure nsupdate to use a particular outbound
IP: hence, asking about forcing it to use the loopback interface.

>No chance of shipping your internal DNS data inside where it
>probably belongs?

Technically, by placing it on the DMZ, it is -sorta- inside already.
Using either views or allow-query/allow-transfer statements insulates
the data from the outside world.

Besides, it kind of defeats the purpose of using views: not having to set
up different servers to hold different data for the same zone. Basically,
what I need is the NetSol requested two nameservers reachable via the
Internet for IPs and zones under my control. Since most of the hosts are
actually behind a firewall, the IPs that they are seen by from other hosts
behind the firewall differ from those seen by the internet at large. So, I
either need to set up some form of split-DNS or private TLDs. The latter is
even uglier than use of views. It may just mean that I need to set one
view's zones as static and the others as dynamically updated.

bleah.

Again, if anyone has something similar they have accomplished, let me know.
I really am not trying to make this hard for the sake of making it hard.  :)

-tom

-- 

"You can only be -so- accurate with a claw-hammer."  --me
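
How a (source, destination) address pair selects a view, as an added example that is not part of the original post and not BIND's own code: a simplified Python model of named's first-match view selection, plus an nsupdate batch that pins both addresses with the `server` and `local` commands. The addresses, view layout, zone and record are constructed assumptions.

```python
import ipaddress

# Constructed layout (assumption): 192.0.2.10 is the DMZ server's
# Internet-facing address, 10.0.0.10 its firewall-facing address.
VIEWS = [  # order matters: named tries views top to bottom, first match wins
    {"name": "internal",
     "match_clients": ["10.0.0.0/8"],
     "match_destinations": ["10.0.0.10/32"]},
    {"name": "external",
     "match_clients": ["0.0.0.0/0"],
     "match_destinations": ["127.0.0.1/32", "192.0.2.10/32"]},
]


def _in_acl(addr, acl):
    """True if addr falls inside any network listed in the ACL."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in acl)


def select_view(src, dst, views=VIEWS):
    """Return the first view accepting both the request's source address
    (match-clients) and destination address (match-destinations)."""
    for view in views:
        if (_in_acl(src, view["match_clients"])
                and _in_acl(dst, view["match_destinations"])):
            return view["name"]
    return None  # no view matched: the request is refused


def nsupdate_batch(server, local, zone, record):
    """Build nsupdate input: 'server' sets the destination address,
    'local' sets the source address the update is sent from."""
    return "\n".join([f"server {server}", f"local {local}",
                      f"zone {zone}", f"update add {record}", "send", ""])


if __name__ == "__main__":
    # Updates issued on the DNS host itself, one per view.
    for src, dst in [("127.0.0.1", "127.0.0.1"), ("10.0.0.10", "10.0.0.10")]:
        print(f"{src} -> {dst}: view {select_view(src, dst)}")
        print(nsupdate_batch(dst, src, "example.com.",
                             "host1.example.com. 300 A 192.0.2.20"))
```

In this layout an update sent over loopback lands in the external view and one sent to the firewall-facing address lands in the internal view, so each batch file reaches a different copy of the zone.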

