Views Question

Evan Hunt each at isc.org
Tue Apr 30 17:32:29 UTC 2013


> If the 'type' info in a zone statement determines master or slave, can
> you have 2 views in the same named.conf file, one with type master zones
> and the other with type slave zones?

There are a couple of ways to read this question, and the answer depends
on which way you intended it.

A query reaches a view, or not, depending on whether it matched an access
control list.  Typically, clients from your internal subnet will reach the
internal view, and everyone else goes to the external view.

If you have an authoritative-only server, and it's master for one set of
zones and slave for a separate, disjoint set of zones, then you do *not*
want to divide them up into different views. Some clients would only
be able to see the masters and some would only be able to see the slaves;
it wouldn't make sense.

However, if what you're asking is "can I have two views that serve the
*same* zones, with one view slaving to the other", then the answer is yes.
I do this myself at home: my internal view provides recursive service for
my family, and also contains slaved copies of my external-facing zones.

You can use a TSIG key in the masters option (and, from BIND 9.9 onward, in
the also-notify option) to enable the two views to talk to one another so
that the slave can be updated when the master is.  The configuration looks
something like this:

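    key external-key { [...] };

    view internal {
        // Requests signed with external-key skip this view and reach "external".
        match-clients { !key external-key; localhost; localnets; };
        zone example.com {
            type slave;
            // masters takes addresses, not ACL names; the key signs the
            // SOA queries and transfers sent to the external view.
            masters { 127.0.0.1 key external-key; };
            ....
        };
    };

    view external {
        match-clients { any; };
        zone example.com {
            type master;
            // Unsigned NOTIFY from the loopback address lands in "internal".
            also-notify { 127.0.0.1; };
            ....
        };
    };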

-- 
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
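
Added example, not part of the original message and not ISC code: a small Python model of how named picks a view, showing why the `!key external-key` element lets the slave's signed request from the loopback address reach the external view. The function names and the addresses behind `localhost` and `localnets` are assumptions made for the illustration.

```python
import ipaddress

# Constructed stand-ins for BIND's built-in ACLs (addresses are assumptions).
BUILTIN = {
    "localhost": ["127.0.0.1/32", "::1/128"],
    "localnets": ["192.168.1.0/24"],
    "any": ["0.0.0.0/0", "::/0"],
}

def acl_match(acl, src, tsig_key=None):
    """Evaluate an address match list: the first matching element decides.

    Returns True (accepted), False (rejected by a '!' element) or None.
    """
    addr = ipaddress.ip_address(src)
    for element in acl:
        negated = element.startswith("!")
        term = element.lstrip("!").strip()
        if term.startswith("key "):
            hit = tsig_key == term[4:].strip()
        else:
            nets = BUILTIN.get(term, [term])
            hit = any(addr in ipaddress.ip_network(n) for n in nets)
        if hit:
            return not negated
    return None

def select_view(views, src, tsig_key=None):
    """Return the first view, in configuration order, whose match-clients accepts."""
    for name, match_clients in views:
        if acl_match(match_clients, src, tsig_key):
            return name
    return None

# The two views from the message, in the same order.
VIEWS = [
    ("internal", ["!key external-key", "localhost", "localnets"]),
    ("external", ["any"]),
]
# Same views with the negated key element left out, for comparison.
NO_NEGATION = [("internal", ["localhost", "localnets"]), ("external", ["any"])]

if __name__ == "__main__":
    for src, key in [("192.168.1.20", None), ("203.0.113.7", None),
                     ("127.0.0.1", None), ("127.0.0.1", "external-key")]:
        print(src, key, "->", select_view(VIEWS, src, key))
    print("without !key:", select_view(NO_NEGATION, "127.0.0.1", "external-key"))
```

Without the negated key element, the signed request from 127.0.0.1 matches `localhost` and stays in the internal view, so the slave would be querying itself.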

