views are interconnecting ?
cmic
cmic at caramail.com
Fri Aug 19 09:43:25 UTC 2005
Hello.
Bind-9.3.1 on 1 server with 2 views, each one with a unique zone. Views
seems to communicate ?
>From an internal worksation a.socio.rev [resolv.conf domain socio.prv
nameserver 172.21.39.254] I can resolve b.sosio.prv but even
mail.socio.i2, and even Internet adresses which are resolved by the
forwarders.
I *don't want* my workstation users to be able to resolve anything not
in socio.prv. I thought views would isolate the zones.
If I add "recursion no;" in the internal view, I cannot resolve neither
*.i2 nor *.prv from anywhere. How come ?
options {
directory "/var/namedb";
listen-on { 172.21.39.254; };
forwarders { 192.168.160.3 ; 192.168.160.5; };
};
view "internal" {
match-clients {172.21.36.0/22;};
zone "36.21.172.in-addr.arpa" {
type master;
notify no;
file "interne/db.172.21.36";
};
zone "socio.prv" {
type master;
notify no;
file "interne/db.socio";
};
};
view "external" {
match-clients {any;};
recursion yes;
zone "." {
type hint;
file "named.ca";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "db.127.0.0";
};
zone "socio.i2" {
notify no;
type master;
file "externe/db.socio.i2";
};
zone "36.21.172.in-addr.arpa" {
notify no;
type master;
file "externe/db.172.21.36";
};
};
Thanks for the help.
Sorry if this is piece of cake....
--
cmic<at>caramail<dot>com
More information about the bind-users
mailing list