One host serving both internal and external nameservice, which view should match-clients for the local host?

Stewart Dean sdean at bard.edu
Mon Oct 25 22:43:16 UTC 2010


I did exactly that, but that wasn't what I was asking (I don't think).  

What I want to know is about how the nameserver host itself handles any calls it itself makes to localhost.  If I have one view handling 10. addresses and the other handling ALL others (match-clients { any; }), then it would seem to me that the nameserver itself, in its OWN need for name resolutions, could ONLY resolve external addresses (because localhost/127.0.0.1 would fall into the external view match-clients { any; }), it couldn't resolve any 10. internal addresses for itself in local host calls.

Is what I'm getting at understandable?  Correct?  Is there something to do with router tables that could allow the nameserver to resolve its OWN 10. name resolutions that are needed on the box itself?  Again, I am NOT asking about resolution request calls either from 10. internal hosts NOR from the outside world, RATHER I am asking about resolution calls the machine has to do FOR ITSELF through localhost/127.0.0.1.  I could add local host to the internal view's match-clients statement, yes, but then the box wouldn't be able to resolve external addresses made through local host...


----- Original Message -----
From: "Todd Snyder" <tsnyder at rim.com>
To: "Stewart Dean" <sdean at bard.edu>, bind-users at lists.isc.org
Sent: Monday, October 25, 2010 3:00:54 PM
Subject: RE: One host serving both internal and external nameservice, which view should match-clients for the local host?

What I have done is add another IP to boxes with views, one per view (i.e., 127.0.1.1/2/3/4).  Then put one of those IPs in each view match statement.  When you do your dig, you tell it to source from a specific interface (dig -b 127.0.1.1 @localhost record.ext).  That will ensure that you can hit the view you want to hit, without any guesswork.

YMMV.

Cheers,

Todd.

-----Original Message-----
From: bind-users-bounces+tsnyder=rim.com at lists.isc.org [mailto:bind-users-bounces+tsnyder=rim.com at lists.isc.org] On Behalf Of Stewart Dean
Sent: Monday, October 25, 2010 2:54 PM
To: bind-users at lists.isc.org
Subject: Q: One host serving both internal and external nameservice, which view should match-clients for the local host?

I have set up a nameserver as per pg 249 of DNS & Bind, 5th Ed.  The host is on
two networks, serving the internal 10 based network as nsi at 10.5.0.5 with an
internal view and the external network as nsx at 192.246.229.x with an external
view.  Everything makes sense until I get to the match-clients definition. Using
the example on 249, named will serve the internal addresses, and the external
view match-clients { any; } will take everything else....including the local
host 127.0.0.1.

That would seem to me to make it so the local host would be unable to resolve
(for itself) internal addresses, forcing it to only be able to resolve external
addresses for itself.

Is this as it should be?  Am I missing something?
--
"One must think like a hero to behave like a merely decent human being." - May Sarton
Stewart Dean, Unix System Admin, Bard College, New York 12504
sdean at bard.edu voice: 845-758-7475, fax: 845-758-7035
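
The per-view loopback address approach from the reply above, written out as a named.conf fragment. This is an added example, not configuration posted by anyone in the thread. The zone names, file paths, the ACL name and the choice of 127.0.1.1/127.0.1.2 per view are assumptions; it also assumes those two addresses are configured on the loopback interface and that named listens on 127.0.0.1.

```conf
// Constructed named.conf fragment; zone names and file paths are placeholders.
// named answers a query from the first view, in file order, whose
// match-clients list matches the query's source address.

// Layout from the original question: a query sourced from 127.0.0.1 matches
// nothing in "internal" and falls through to "external".
//
//   view "internal" { match-clients { 10.0.0.0/8; }; ... };
//   view "external" { match-clients { any; };        ... };

// Layout from the reply: one extra loopback address reserved per view.
acl "internal-nets" { 10.0.0.0/8; };

view "internal" {
    // 127.0.1.1 is the source address used to reach this view locally.
    match-clients { 127.0.1.1; "internal-nets"; };
    zone "example.internal" {
        type master;
        file "internal/db.example.internal";
    };
};

view "external" {
    // 127.0.1.2 is already covered by "any"; listing it documents the
    // address reserved for testing this view from the box itself.
    match-clients { 127.0.1.2; any; };
    zone "example.org" {
        type master;
        file "external/db.example.org";
    };
};

// Select the view by fixing the source address of the query.
// @127.0.0.1 is used so the server address is IPv4 like the -b address.
//   dig -b 127.0.1.1 @127.0.0.1 host.example.internal   (internal view)
//   dig -b 127.0.1.2 @127.0.0.1 host.example.org        (external view)
//   dig @127.0.0.1 host.example.internal                (source 127.0.0.1: external view)
```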
