config for views
Kevin Darcy
kcd at chrysler.com
Fri Mar 27 02:36:54 UTC 2009
dev_null at zoho.com wrote:
> Hello,
>
> I want to configure named for two networks, using views.
> For example, neta is for internal users, netb is for any other users.
> I got the named.conf below. Do you have any suggestions on it? Thanks.
>
>
> options {
>     directory "/usr/local/bind";
>     recursion no;
>     zone-statistics yes;
>     statistics-file "/usr/local/bind/var/named.stats";
> };
>
> view "neta" {
>     match-clients { someip; };
>
>     zone "test.a.com" {
>         type master;
>         file "/usr/local/bind/etc/test.a.com.neta.db";
>     };
> };
>
> view "netb" {
>     match-clients { any; };
>
>     zone "test.a.com" {
>         type master;
>         file "/usr/local/bind/etc/test.a.com.netb.db";
>     };
> };
>
> key "rndc-key" {
>     algorithm hmac-md5;
>     secret "*****************";
> };
>
> controls {
>     inet 127.0.0.1 port 953
>         allow { 127.0.0.1; } keys { "rndc-key"; };
> };
That's the general idea, yes, but "someip" can't be used literally
unless it's defined as an ACL somewhere else in the config, of course,
and "recursion no" in "options" means that *neither* of these views can
be used for your own clients (including perhaps the nameserver itself)
to resolve any names outside of the test.a.com zone.
- Kevin
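
An added example, not part of the original thread: one way to apply the two points in the reply, with a named ACL in place of the bare "someip" and recursion set per view so that only internal clients (and the server itself) can resolve outside names. The ACL name "neta-clients" and the 192.0.2.0/24 range are assumptions for illustration; the key and controls statements are unchanged and omitted.

```conf
// Added example. "neta-clients" and 192.0.2.0/24 are constructed
// placeholders; substitute the real internal address ranges.
acl "neta-clients" {
    localhost;        // built-in ACL: the nameserver's own addresses
    192.0.2.0/24;     // placeholder internal network
};

options {
    directory "/usr/local/bind";
    // No global "recursion no" here: recursion is decided per view below.
    zone-statistics yes;
    statistics-file "/usr/local/bind/var/named.stats";
};

// Views are matched in order, so the restricted view must come first.
view "neta" {
    match-clients { "neta-clients"; };
    recursion yes;                        // internal clients may resolve outside names
    allow-recursion { "neta-clients"; };  // and only those clients

    zone "test.a.com" {
        type master;
        file "/usr/local/bind/etc/test.a.com.neta.db";
    };
};

// Everyone else gets authoritative answers for the zone and nothing more,
// which keeps the server from acting as an open resolver.
view "netb" {
    match-clients { any; };
    recursion no;

    zone "test.a.com" {
        type master;
        file "/usr/local/bind/etc/test.a.com.netb.db";
    };
};
```

Running named-checkconf against the file reports an undefined ACL name such as "someip" before named is restarted.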