stub zones and recursion ?

vincent.blondel at ing.be vincent.blondel at ing.be
Thu Apr 3 18:20:15 UTC 2008


> 
> Does anybody get an idea to solve next problem ?
> 
> I get some bind 9.2.3 resolvers,

	Upgrade.
      ==> foreseen for end of June

> all configured the same way. All of
> them are configured with some views, each of them dedicated to specific
> clients. We get the default view recursively answering all queries to
> anybody.

	Fine.

> We also get another one where I am trying to non-recursively
> answer queries but without getting data locally.

	Impossible.
 
> A little example ..
> 
> let's imagine we get lab.intranet. and srv.lab.intranet. defined on two
> authoritative bind servers. On the other hand I get wks.lab.intranet
> configured on a Ms Dns with WINS/backwards activated. 
> 
> Now I would like giving access my users to zones lab.intranet and
> wks.lab.intranet ONLY. What are the solutions for it ?? I cannot simply
> replicate zones on each servers because ISC BIND does not comply with
> records 'IN WINS' (specific to Ms Windows Dns).

	Stop using WINS.  Microsoft don't even really support it anymore.
      ==> I know but this is really too long to explain to you the whole WINS history of the company I work for.

> So I try to define zones
> as forward or stub, I am also playing with allow-recursion, recursion
> but have not found any solution to my problem.

	Create your own root zone and delegate lab.intranet from it.

view "xx" {
	match-clients {xx;};
	allow-query { any; };
	allow-recursion { any; };
	recursion yes;

	zone "." {
		type master;
		file "xx.root";
	};
};

xx.root:
. 3600 SOA ...
. 3600 NS ...
lab.intranet. 3600 NS ns.lab.intranet.
ns.lab.intranet. 3600 A <address>

I did it, it works but I still get a problem with it, I also get access
to all child domains of the zones defined in the root file .. any idea ??

	Mark

> view "xx" in {
> 
>     match-clients {xx;};
>     allow-query {xx;};
>     allow-recursion {xx;};
>     recursion xx;
> 
>     zone "." in {
>         type hint;
>         file "xx/db.root";
>     };
> 
>     zone "lab.intranet." {
>         xx
>     };
>     zone "srv.lab.intranet." {
>         xx
>     };
>     zone "wks.lab.intranet." {
>         xx
>     };
> };
> 
> Your help is really appreciated.
> 
> Regards
> Vincent.
> -----------------------------------------------------------------
> ATTENTION:
> The information in this electronic mail message is private and
> confidential, and only intended for the addressee. Should you
> receive this message by mistake, you are hereby notified that
> any disclosure, reproduction, distribution or use of this
> message is strictly prohibited. Please inform the sender by
> reply transmission and delete the message without copying or
> opening it.
> 
> Messages and attachments are scanned for all viruses known.
> If this message contains password-protected attachments, the
> files have NOT been scanned for viruses by the ING mail domain.
> Always scan attachments before opening them.
> -----------------------------------------------------------------
> 
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org




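Added example, not part of the original messages: a small Python model of the private-root approach sketched in the thread, showing which query names a view hands to recursion (everything at or below a delegation in the root file, child zones such as wks.lab.intranet included) and which it answers from the local root. The zone text is constructed sample data; ns.root.example. and 192.0.2.53 are placeholders, and the function names are hypothetical.

```python
# Added example: which names does a view with a private root hand to recursion?
# PRIVATE_ROOT is constructed sample data patterned on the xx.root sketch;
# ns.root.example. and 192.0.2.53 are placeholders, not values from the thread.
PRIVATE_ROOT = """\
. 3600 SOA ns.root.example. admin.root.example. 1 3600 600 86400 3600
. 3600 NS ns.root.example.
lab.intranet. 3600 NS ns.lab.intranet.
ns.lab.intranet. 3600 A 192.0.2.53
"""

def labels(name):
    """Split a domain name into lowercase labels, ignoring the trailing dot."""
    return tuple(l for l in name.lower().rstrip(".").split(".") if l)

def delegations(zone_text):
    """Owner names of NS records below the apex, i.e. the delegation points."""
    cuts = set()
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        # Skip the optional TTL and class to find the record type.
        rtype = next((f for f in fields[1:] if not f.isdigit() and f.upper() != "IN"), "")
        owner = labels(fields[0])
        if rtype.upper() == "NS" and owner:   # empty owner == root apex NS
            cuts.add(owner)
    return cuts

def closest_cut(qname, cuts):
    """Deepest delegation point at or above qname, matched on whole labels."""
    q = labels(qname)
    for i in range(len(q)):                   # longest suffix first
        if q[i:] in cuts:
            return ".".join(q[i:]) + "."
    return None

def audit(qnames, zone_text=PRIVATE_ROOT):
    """Map each name to the delegation recursion would follow, or None."""
    cuts = delegations(zone_text)
    return {q: closest_cut(q, cuts) for q in qnames}

if __name__ == "__main__":
    for name, cut in audit(["srv.lab.intranet", "pc1.wks.lab.intranet",
                            "xlab.intranet", "www.example.com"]).items():
        if cut:
            print(f"{name}: below {cut} -> recursion follows the delegation")
        else:
            print(f"{name}: no delegation -> answered from the private root")
```

Names are compared label by label, so xlab.intranet does not match the lab.intranet. delegation even though it shares a string suffix.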
More information about the bind-users mailing list