nsupdate in a multi-view environment
Kevin Darcy
kcd at daimlerchrysler.com
Tue Nov 19 23:35:16 UTC 2002
Thomas H Jones II wrote:
> Hello. I have currently set up a DMZ nameserver with two zone views:
> one internal, one external. Set the match-client for the internal view
> to 192.168/16 and the external view to "any". I would like to use
> nsupdate to dynamic DNS updates -from- the DMZ server.
>
> Unfortunately, nsupdate only seems able to interact with the internal
> zones. I had hoped that by setting up internal and external TSIGs for the
> allow-update fields, id be able to supply a key to nsupdate and it would
> pick the correct view to update. Unfortunately, this does not seem to
> work. The match-client see's the calling IP and shunts to that view,
> regardless of key (the internal view). The only behaviour change that
> is evidenced is that the update is rejected, since I am attempting to use
> the external key to update an internal zone.
>
> Is there any way that I can force nsupdate to use the loopback interface
> for the exterior updates and the internal interface for the interior
> updates?
Sure, the BIND 9 version of nsupdate supports a "server" command which
directs the Dynamic Update to a particular address. E.g.
server 127.0.0.1
update add foo.example.com. 86400 a 1.2.3.4
send
- Kevin
More information about the bind-users
mailing list