multiple internal views not working (requested conf files

Kevin Darcy kcd at chrysler.com
Mon Nov 2 21:50:39 UTC 2009 

Krash, Paul wrote:
> Kevin Darcy asked:
>
>   
>> Confused. Looks like the clients are matching the 
>> correct view, but "fckd.net" is not defined in either view,
>> so what exactly was the point of having views? fckd.net names are
>> going to get resolved the same regardless.
>>     
>
> I attempted to obfuscate our internal domain name, Mr. Reed caught it.
> fckd.net is the imaginary name of the segment I am serving.
>   
Ah, OK. But now that the real domain name has been "outed", is there any 
point in trying to obfuscate it?
> Sorry for the confusion, too many balls in the air today
> (some are on the floor :-)
>
> what I understand that this:
> ________________________________________________________________
> view dot5 {
>         match-clients {
>                 10.x.5.0/24;
>                 };
>         zone "5.x.10.in-addr.arpa" {
>                 type master;
>                 file "/etc/bind/10.19.5.default.rev";
>                 };
>         zone "fckd.net" {
>                 type master;
>                 file "/etc/bind/fckd.net.default.dot5";
>                 notify yes;
>                 also-notify {
>                         10.x.1.32;
>                         };
>                 };
>         };
> _________________________________________________________
>
> will serve one zone to .5 network only.
>
> While this:
>
> ----------------------------------------------------------------
>
> view internal {
>
>         match-clients {
>                 !10.x.5.0/24;
> 		10.x.x.0/16	
>                 };
>         zone "fckd.net" {
>                 type master;
>                 file "/etc/bind/fckd.net.default";
>                 notify yes;
>                 also-notify {
>                         10.x.1.32;
>                         };
>                 };
> ---------------------------------------------------------------
>
> will serve a different zone file to the rest of the 10.x.x.0/16 network.
>   
Views are matched in order, so "!10.x.5.0/24;" is redundant -- anything 
in that range would have been matched by the previous view.

Also, if 10.x/16 matches your entire community of clients you could just 
use "any" for the second view.
> I think I am close to resolving this, back to integration of Samba+NFS+
> NIS+LDAP+DHCP+DNS+Kerberos w/Active Directory 2008, without third party
> plugins and helpers.....(*long* term project)....[sigh]
>   
Make sure to publish a quick 3-step setup guide once you're done with 
that :-)

- Kevin

More information about the bind-users mailing list