3rd view or mulithomed or another way?

Kevin Darcy kcd at daimlerchrysler.com
Wed Jun 29 00:22:21 UTC 2005 

Seems to me the only way to meet your requirements, as you have stated 
them, i.e. completely different RRsets handed out to different sets of 
clients, is to set up a special view (in fact, that's pretty much the 
*definition* of a BIND "view"). If you were willing to be a little more 
flexible with your requirements (e.g. using a firewall, IDS and/or 
routing filter instead of DNS to protect the 3rd subnet from unwanted 
traffic), then you could probably get away with using a sortlist instead 
of having to define a whole view just for the one machine.

                                                                         
                                                - Kevin

P.S. Surely you meant "change their mail server name" instead of "change 
their mail server IPs", since if the clients on the new subnet are using 
hard-coded IP addresses for their mail server you can't use DNS to 
direct them to a new IP address regardless of how you slice it. By the 
way, can't you use some sort of magical whizbang Wintel junk (Group 
Policy Objects?) to get all of those clients to use a new mail server, 
without having to touch each box individually? I thought Wintel was 
getting better in that regard...

Jim Pazarena wrote:

>I have two slaves being updated each with two views all from one
>master.
>
>I now have a 3rd subnet, which has independent connectivity to the 'net,
>but I would like it to hit my mail server which is on a different subnet.
>
>I put a second ethernet card in the mail server, gave it an appropriate
>address for the 3rd subnet, and plugged it into the switch for the 3rd 
>subnet.
>
>My problem is that if I dual-home the mail server DNS, then wouldn't the
>two subnet IPs be handed to everyone, and the outside world will (possibly)
>hit the 3rd subnet IP? I want this 3rd subnet to be as clean from 
>outside world
>traffic as possible. I know that I could create a 3rd view, but it's a 
>lot of work
>for just one machine.
>
>I have about 80 windows machines on this 3rd subnet, and aside from 
>having them
>all change their mail server IPs to match the new subnet which is far 
>from ideal,
>I  can't figure out the least complicated way to accomplish this.
>
>Any suggestions would be appreciated.
>
>Jim
>
>
>
>
>
>  
>

More information about the bind-users mailing list