stub zones and recursion ?
Mark Andrews
Mark_Andrews at isc.org
Wed Apr 2 13:37:00 UTC 2008
>
> Does anybody get an idea to solve next problem ?
>
> I get some bind 9.2.3 resolvers,
Upgrade.
> all configured the same way. All of
> them are configured with some views, each of them dedicated to specific
> clients. We get the default view recursively answering all queries to
> anybody.
Fine.
> We also get another one where I am trying to non-recursively
> answer queries but without getting data locally.
Impossible.
> A little example ..
>
> let's immagine we get lab.intranet. and srv.lab.intranet. defined on two
> authoritative bind servers. On the other hand I get wks.lab.intranet
> configured on a Ms Dns with WINS/backwards activated.
>
> Now I would like giving access my users to zones lab.intranet and
> wks.lab.intranet ONLY. What are the solutions for it ?? I cannot simply
> replicate zones on each servers because ISC BIND does not comply with
> records 'IN WINS' (specific to Ms Windows Dns).
Stop using WINS. Microsoft don't even really support it anymore.
> So I try to define zones
> as forward or stub, I am also playing with allow-recursion, recursion
> but have not find any solution to my problem.
Create your own root zone and delegate lab.intranet from it.
view "xx" {
match-clients {xx;};
allow-query { any; };
allow-recursion { any; };
recursion yes;
zone "." {
type master;
file "xx.root";
};
};
xx.root:
. 3600 SOA ...
. 3600 NS ...
lab.intranet. 3600 NS ns.lab.intranet.
ns.lab.intranet. 3600 A <address>
Mark
> view "xx" in {
>
> match-clients {xx;};
> allow-query {xx;};
> allow-recursion {xx;};
> recursion xx;
>
> zone "." in {
type hint;
> file "xx/db.root";
> };
>
> zone "lab.intranet." {
> xx
> };
> zone "srv.lab.intranet." {
> xx
> };
> zone "wks.lab.intranet." {
> xx
> };
> };
>
> Your help is really appreciated.
>
> Regards
> Vincent.
> -----------------------------------------------------------------
> ATTENTION:
> The information in this electronic mail message is private and
> confidential, and only intended for the addressee. Should you
> receive this message by mistake, you are hereby notified that
> any disclosure, reproduction, distribution or use of this
> message is strictly prohibited. Please inform the sender by
> reply transmission and delete the message without copying or
> opening it.
>
> Messages and attachments are scanned for all viruses known.
> If this message contains password-protected attachments, the
> files have NOT been scanned for viruses by the ING mail domain.
> Always scan attachments before opening them.
> -----------------------------------------------------------------
>
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list