Seeking some advice in configuring Bind9

Kevin Darcy kcd at daimlerchrysler.com
Wed Aug 24 21:32:45 UTC 2005


Terry Tse wrote:

>I'm currently using views to run a single copy of BIND9 to serve both 
>internal and external clients. There are a number of internal servers 
>that use private IP addresses that the internal view properly supplies to 
>the internal clients. For external clients, they're forwarded via 
>iptables prerouting to the right host behind the firewall. This has been 
>working satisfactorily for a while.
>
>Recently, I've a host that resides outside our internal network. It's on a 
>PPPoE provisioned line whose IP address changes every now and again. To 
>bring it into our domain, I've successfully used nsupdate to send a secured 
>dynamic update to the external view of the zone. However, internal 
>clients can't see this address.
>
>Is there a way that this update can also be sent to the internal zone 
>database?  Or is there a better way to achieve what I want to do? Any 
>advice will be welcomed.
>
Run nsupdate again to update the internal version of the zone. This 
would require differentiating the source address of the Dynamic Update 
(e.g. originate from one of those private IP addresses), having the 
different views listen on different IPs (use the "server" command in 
nsupdate to direct the Dynamic Update to the right place), or, as of 
BIND 9.3 or later, I believe views can be differentiated by TSIG key...

                                                                         
               - Kevin
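
The TSIG-key option from the reply above, sketched as an added example that is not part of either post: one nsupdate batch is built once and sent twice, signed with a different key each time, so that each view's copy of the zone gets the new address. The zone, host name, server address, key names and key file paths are constructed, and the named.conf lines in the comments are an assumed layout.

```shell
#!/bin/sh
# Constructed values (not from the thread): zone, host, server address, key
# paths. Assumed named.conf, with the internal view listed first so that its
# key is tested before the catch-all external view:
#   view "internal" { match-clients { key internal-ddns; 10.0.0.0/8; }; ... };
#   view "external" { match-clients { any; }; ... };
# and, in each view's copy of the zone, a policy limited to this one record:
#   update-policy { grant internal-ddns name roamer.example.com A; };
ZONE="example.com"
HOST="roamer.example.com"
SERVER="192.0.2.53"
TTL=300
KEYS="/etc/ddns/external-ddns.key /etc/ddns/internal-ddns.key"

# Accept only a dotted quad with octets 0-255, so that no newline or extra
# token can smuggle additional commands into the nsupdate batch.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Emit the nsupdate batch that replaces the host's A record ($1 = new address).
build_update() {
    valid_ipv4 "$1" || { echo "refusing invalid address" >&2; return 1; }
    printf 'server %s\nzone %s\nupdate delete %s A\nupdate add %s %s A %s\nsend\n' \
        "$SERVER" "$ZONE" "$HOST" "$HOST" "$TTL" "$1"
}

# Send the same batch once per key; the key that signs the update decides
# which view, and so which copy of the zone, receives it.
update_both_views() {
    batch=$(build_update "$1") || return 1
    for keyfile in $KEYS; do
        printf '%s\n' "$batch" | nsupdate -k "$keyfile" || return 1
    done
}

# Runs only when called with an address, e.g.: sh ddns-both-views.sh 203.0.113.45
if [ "$#" -eq 1 ]; then update_both_views "$1"; fi
```

With views matched on the key, anything signed with the internal key, queries included, is answered from the internal view, which is why the commented policy scopes that key to the single record.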



