Slave transfer problem with same zone but different db files in views.

David Miller millerdc at fusion.gat.com
Fri Jun 16 23:02:06 UTC 2006


Hello,

I used Rob Thomas's secure BIND template to set up my primary DNS
server (9.3.2) and it is working perfectly. I have one question about
Rob's template and a question about a problem with my slave server.

First the problem. I have two copies of the same zone file. One is
for the internal view and one is for the external view. The difference
is the number of records defined in each file. The fourth edition
O'Reilly BIND and DNS book has a perfect example of this on page 272.
They actually have two different db files for the same
254.253.192.in-addr.arpa zone. How do you get the slave server to know
which zone file goes to the correct view? Of course my slave server
transfers the first db file and gives resolve access to hosts I don't
want the external to have.

About Rob's template. Why allow access to the db.cache file for the
external-in view? Isn't that pointless since we don't allow recursion
anyway? All we want is for external sources to be able to resolve the
IPs/names defined in the zone files we put in that view. Here is the
section I'm talking about.

// Create a view for external DNS clients.
view "external-in" in {
    // Our external (untrusted) view. We permit any client to access
    // portions of this view. We do not perform recursion or cache
    // access for hosts using this view.

    match-clients { any; };
    recursion no;
    additional-from-auth no;
    additional-from-cache no;

    // Link in our zones
    zone "." in {
        type hint;
        file "db.cache";
    };



Here is a link to Rob's secure BIND Template.

http://www.cymru.com/Documents/secure-bind-template.html
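
An added example, not part of the original post or of Rob Thomas's template: one common way to make a slave pull a different copy of the same zone into each view is to sign each view's transfer with its own TSIG key and match on that key in match-clients. The key names, addresses (192.0.2.1 master, 192.0.2.2 slave, 10.0.0.0/8 internal clients), file names and the "internal-in" view name are assumptions, and the secrets are placeholders.

```conf
// ---- Both servers: one TSIG key per view. Secrets are placeholders. ----
// Assumption: pick an algorithm your BIND release supports.
key "xfer-internal" { algorithm hmac-sha256; secret "REPLACE-WITH-BASE64-SECRET-A"; };
key "xfer-external" { algorithm hmac-sha256; secret "REPLACE-WITH-BASE64-SECRET-B"; };

// ---- Master (assumed 192.0.2.1). Views are tried in order. ----
view "internal-in" in {
    // Anything signed with the external key must fall through to the next view.
    match-clients { !key xfer-external; key xfer-internal; 10.0.0.0/8; };
    server 192.0.2.2 { keys { xfer-internal; }; };   // sign NOTIFY to the slave
    zone "254.253.192.in-addr.arpa" in {
        type master;
        file "internal/db.192.253.254";
        allow-transfer { key xfer-internal; };
    };
};
view "external-in" in {
    match-clients { any; };
    recursion no;
    server 192.0.2.2 { keys { xfer-external; }; };
    zone "254.253.192.in-addr.arpa" in {
        type master;
        file "external/db.192.253.254";
        allow-transfer { key xfer-external; };
    };
};

// ---- Slave (assumed 192.0.2.2). Same view order and match-clients. ----
view "internal-in" in {
    match-clients { !key xfer-external; key xfer-internal; 10.0.0.0/8; };
    server 192.0.2.1 { keys { xfer-internal; }; };   // sign SOA queries and AXFR
    zone "254.253.192.in-addr.arpa" in {
        type slave;
        masters { 192.0.2.1; };
        file "slave/internal.db.192.253.254";        // distinct file per view
    };
};
view "external-in" in {
    match-clients { any; };
    recursion no;
    server 192.0.2.1 { keys { xfer-external; }; };
    zone "254.253.192.in-addr.arpa" in {
        type slave;
        masters { 192.0.2.1; };
        file "slave/external.db.192.253.254";
    };
};
```

Run named-checkconf against each server's file before reloading; the master and slave sections above belong in separate named.conf files.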



More information about the bind-users mailing list