view for a zone?

[Noah McNallie]

Chris Buxton wrote:
> It is not possible to set up views for just one zone. It really is all- 
> or-nothing. Think of each view as a completely separate, unrelated  
> name server.
>
> However, one thing you can do is share zone files between views. It's  
> still annoying, and they still get loaded once per view instead of  
> just once, but at least you wouldn't need to maintain two copies of  
> most of your zones.
>
> Some better ideas:
>
> - Set up a separate set of name servers for this one customer. Use  
> views there. Don't use views on your main name servers.
> - Use a different name server. I believe djbdns, for all its quirks,  
> is able to provide the functionality of views granularly, record-by- 
> record, instead of for the entire name server.
>
> Chris Buxton
> Professional Services
> Men & Mice
> Address: Noatun 17, IS-105, Reykjavik, Iceland
> Phone:   +354 412 1500
> Email:   cbuxton at menandmice.com
> www.menandmice.com
>
> Men & Mice
> We bring control and flexibility to network management
>
> This e-mail and its attachments may contain confidential and  
> privileged information only intended for the person or entity to which  
> it is addressed. If the reader of this message is not the intended  
> recipient, you are hereby notified that any retention, dissemination,  
> distribution or copy of this e-mail is strictly prohibited. If you  
> have received this e-mail in error, please notify us immediately by  
> reply e-mail and immediately delete this message and all its attachment.
>
>
>
> On Feb 21, 2008, at 7:48 AM, Tom Schmitt wrote:
>
>   
>> Hi,
>>
>> I run Bind 9.4 with several domains and zones. For only one domain I  
>> have to give the clients differents answers depending on their  
>> source-IP-address.
>>
>> Looking into the documentation how to do this I found the concept of  
>> views. But according to the docs, views are only possibly on a  
>> global scale which means for all domains.
>> Is it possible to set up a view only for one of the hosted domains?
>>
>> Or, if not, is there another solution to this problem beside views?
>>
>> Thanks,
>> Tom.
>> -- 
>> Ist Ihr Browser Vista-kompatibel? Jetzt die neuesten
>> Browser-Versionen downloaden: http://www.gmx.net/de/go/browser
>>
>>     
>
>
>
>   
I'd like to add to that:

Just because you have to setup views for every zone if you want to set 
it up for one, doesn't mean you can't specify that the other zone's view 
is everything OTHER than the ip range you want to be specific for the 
one domain, which is essentially another way of wording it (in other 
words, the only change would still be that one ip range seeing a 
difference with that one zone).

Also, what I was initially going to suggest before assuming I should try 
to answer your question with the 'built-into-bind' option. You could 
simply do port forwarding in your firewall rules, say a request comes 
into port 53 of ip A, depending on the source ip, you could forward it 
to your normal bind server on port 53, or you could redirect it to the 
bind server setup especially for the one specific domain.

Noah McNallie
AS in Network Administration and support
A C/Perl/sh programmer
Solaris/BSD/Linux
Security (network/software)