no. of Views and Zones
Chris Buxton
chris.p.buxton at gmail.com
Mon Nov 8 17:31:57 UTC 2010
Lightner, Jeff wrote:
> You would NOT use a single zone for this. Views are designed
> specifically to control what is seen. However, that control is mainly
> done by acl's specifying which networks access which views.
Or by server IP. You can use match-destinations with views to provide a
different virtual server per server IP address, all on one box, with a
single instance of named. You can even combine match-destinations,
match-clients, and match-recursive-only together to satisfy even more
complex scenarios.

That said, if it were me, I'd run separate boxes, separate VM's, or at
least separate instances of named (each attached to a different IP) in
the scenario posed by the OP.
> Do you
> assign specific subnets to each client? If so you could do this with
> views but processing needed to load dozens of views is not something I
> can comment on as I think most people only do a couple. (Here we do
> only internal and external to differentiate what people on the internet
> see as opposed to what people on our intranet see.)
>
I also don't have any empirical data, but I do expect that setting up
thousands of views would have a significant impact on performance — each
query runs a gantlet of match-* ACL's before finding the correct view.

Regards,
Chris Buxton
BlueCat Networks
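
The combination of match-destinations, match-clients and match-recursive-only described in the message above, sketched as a named.conf fragment. This is an added example, not configuration from the original post; every address, ACL name, view name and file path in it is a constructed placeholder.

```conf
// Constructed example: addresses, names and file paths are hypothetical.
acl "office-nets" { 198.51.100.0/24; };

options {
    directory "/var/named";
    // One named instance answering on three addresses of the same box.
    listen-on { 192.0.2.10; 192.0.2.11; 192.0.2.53; };
};

// Views are tested in the order they appear. A query lands in the first
// view whose match-* conditions ALL hold; a query that matches no view
// is refused. With views in use, every zone must live inside a view.

// Most specific view first: recursive queries from office clients that
// were sent to the resolver address.
view "office-resolver" {
    match-clients        { "office-nets"; };
    match-destinations   { 192.0.2.53; };
    match-recursive-only yes;
    recursion yes;
    zone "example.com" { type master; file "office/example.com.db"; };
};

// One "virtual server" per IP: selected purely by the address the query
// arrived on, authoritative only, no recursion for outside clients.
view "tenant-a" {
    match-destinations { 192.0.2.10; };
    recursion no;
    zone "example.com" { type master; file "tenant-a/example.com.db"; };
};

view "tenant-b" {
    match-destinations { 192.0.2.11; };
    recursion no;
    zone "example.com" { type master; file "tenant-b/example.com.db"; };
};
```

Each additional view adds another set of match-* ACLs that a query may have to be tested against, which is the per-query cost the message refers to. Running named-checkconf on the file catches zones left outside a view.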