Zone transfers with views
Stephen Carville
stephen.carville at gmail.com
Thu Apr 30 16:33:49 UTC 2009
I am trying to create three DNS slave servers with views for internal
an external IP's. Each has an address in the DMZ and the firewall
(actually a CSS) routes requests from the external IP's to the
internal addresses. The correspondence is one-to-one:
external.1 <--> dmz.1
external.2 <--> dmz.2
external.3 <--> dmz.3
This seems to work fine as long as the CSS admin remembers the DNS
server need to see the actual source address of the request rather
some intermediate NAT'ed IP.
What I cannot figure out is how to configure the master server.
Ideally it would use views too but it has to be on an internal network
and only the DMZ machines can reach it:
dmz.1 <--> master
dmz.2 <--> master
dmz.3 <--> master
All four of dmz.1, 2, 3 and master are on subnets considered internal.
I tried using views on the master and I can get the slaves to transfer
the internal or external zones but not both. If I configure the views
to treat the internal and dmz networks as internal, requests for an
external zone are denied. If I change the configuration so internal
and dmz addresses are considered external, requests for the internal
zones are denied.
All of the servers are running CentOS 5.3 with Bind version 9.3.4.
I've searched the net on the subject and I found lots of help getting
views to work but little about getting zones transferred in a
situation like above. Is it even possible to do this with views? If
not, is there a "recommended" solution?
--
Stephen Carville
More information about the bind-users
mailing list