question about views
Michele Chubirka
chubirka at gwu.edu
Tue Sep 23 20:29:04 UTC 2008
We have a dedicated, non-routable, private network for backups which
maps to a specific subdomain in our zone files, for example,
backup.example.com. We would like to prevent access to lookup records in
this subdomain from outside our network, but not the rest of the domain.
It isn't really practical for us to multi-home our DNS server onto this
network or to place a dedicated server there. Since all the hosts have
public interfaces as well, we had thought the best way to achieve this
would be with setting up views on our current BIND server, but since we
only want to restrict access to the subdomain, is this possible without
having two copies of the entire db file for each view? For example, we
would like to have an internal view which allowed access to
backup.example.com and an external view which allowed access to the rest
of the domain. Can I have a forward zone file for the subdomain with the
internal view config (also including the IN-ADDR.ARPA for the private IP
space) and leave it out of the external db file for the main zone,
example.com, without any delegation? We aren't trying to hand out
different IPs based upon match-clients, just block access to one
subdomain. Anyone have a better suggestion to accomplish this?

// Views are matched in order, so the restricted view comes first.
view "backup" {
        match-clients { restricted_networks_ACL; };
        zone "10.IN-ADDR.ARPA" in {
                type master;
                file "10.db";
                notify yes;
        };
        zone "backup.example.com" in {
                type master;
                file "backup.db";
                notify yes;
        };
};

// Catch-all view for every client not matched above.
view "external" {
        match-clients { any; };
        zone "routable_IP_space" in {
                type master;
                file "routeable.db";
                notify yes;
        };
        zone "example.com" in {
                type master;
                file "example.db";
                notify yes;
        };
};

--
Michele Chubirka
Senior Information Systems Engineer
Information Systems and Services
George Washington University
202-994-5791
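
Added example, not part of the original post: a small Python audit of a named.conf view layout like the one above, flagging a private zone that sits in a catch-all view and a catch-all view placed ahead of a restricted one. The function names and the simplified parser are assumptions made for illustration; the sample config is constructed from the post's placeholder names.

```python
import re

# Constructed sample following the post's layout; ACL, zone and file names are the post's placeholders.
SAMPLE_CONF = '''
view "backup" {
    match-clients { restricted_networks_ACL; };
    zone "10.IN-ADDR.ARPA" in { type master; file "10.db"; };
    zone "backup.example.com" in { type master; file "backup.db"; };
};
view "external" {
    match-clients { any; };
    zone "example.com" in { type master; file "example.db"; };
};
'''

def parse_views(conf):
    """Return [(view, match-clients elements, zone names)] in file order.
    Handles only flat match-clients lists, not nested address-match lists."""
    heads = list(re.finditer(r'view\s+"([^"]+)"\s*\{', conf))
    views = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(conf)
        body = conf[m.end():end]
        mc = re.search(r'match-clients\s*\{([^}]*)\}', body)
        # A view with no match-clients statement matches every client.
        clients = [c.strip() for c in mc.group(1).split(';') if c.strip()] if mc else ['any']
        zones = [z.lower() for z in re.findall(r'zone\s+"([^"]+)"', body)]
        views.append((m.group(1), clients, zones))
    return views

def audit(conf, private_zone):
    """List ways the layout could serve private_zone to clients outside the ACL."""
    views, findings = parse_views(conf), []
    for idx, (name, clients, zones) in enumerate(views):
        if 'any' not in clients:
            continue
        for z in zones:
            if z == private_zone or z.endswith('.' + private_zone):
                findings.append(f'view "{name}" serves {z} to any client')
        # named uses the first matching view, so a catch-all hides every later view.
        if idx < len(views) - 1:
            later = ', '.join(v[0] for v in views[idx + 1:])
            findings.append(f'view "{name}" matches any and shadows: {later}')
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, 'backup.example.com') or 'no findings')
```

The audit reads named.conf only. Records for backup hosts that remain inside example.db would still be answered from the external view, so the zone file needs its own review.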