Clients Matching Multiple Views

Kevin Darcy kcd at chrysler.com
Wed Apr 9 15:53:13 UTC 2014


When you say "alternate zone", do you mean *schizophrenic* (i.e. some 
leaf-node names resolve to different RDATA between the versions), or do 
you mean only that the versions bear a subset/superset relation to each 
other, at least with respect to leaf nodes (SOA/NS records being a 
different matter)?

We have mostly a subset/superset arrangement, so our solution is for our 
homegrown frontend (which only deals with leaf nodes) to automatically 
synchronize the internal version to the external version. A single 
transaction, from a user perspective, potentially updates both versions 
of the zone on the backend.

I say "mostly" because some vendor's products (*cough*Microsoft*cough*) 
have a hard requirement for schizophrenic DNS. Fortunately, we only have 
a handful of those, treated as special exceptions to our normal processes.

                 - Kevin

On 4/9/2014 3:37 AM, Mike Meredith wrote:
> Hi!
>
> Using BIND 9.9 here ...
>
> I have a collection of secondaries with various zone masters (the
> majority BIND, some ActiveDirectory). Some of the secondary DNS servers
> are for internal use only; some are externally visible, but all are
> configured with a common configuration file.
>
> I have a need to make _some_ zones visible only internally with an
> alternate zone visible externally. But the overwhelming majority of the
> zones remain as they are. I guess you could call this "partial
> split-view".
>
> I can do this in either of two rather inconvenient ways ... either I
> split the configuration of the secondaries with the externally visible
> ones configured differently to the internal ones, or I create two views
> ("internal" and "external") with the overwhelming majority of the zones
> defined twice.
>
> Neither option seems appealing.
>
> What I've also tried is to create three views with configurations
> like :-
>
> view "default" {
>    match-clients { any; };
>    recursion no;
>
>    /* The majority of the zones */
> };
>
> view "internal" {
>    match-clients { internal; };
>    recursion yes;
>
>    /* The internal zones */
> };
>
> view "external" {
>    match-clients { external; };
>    recursion no;
>
>    /* The external zones */
> };
>
> ... so that if a client matches multiple views, it tries each in turn.
> However that doesn't seem to work, and the documentation implies that
> it won't.
>
> Am I missing something obvious? Such as it should work, but I've
> somehow messed up? Or perhaps there's some option I've missed? Or am I
> out of luck?
>
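
The view selection discussed in this thread, modelled as an added example that is not part of either message and is not BIND code: named answers a query from the first view whose match-clients matches the client and never falls through to a later view. The address ranges and zone names are constructed placeholders, and the shadowing check is a conservative one that only compares individual networks.

```python
import ipaddress

# Constructed ranges: the thread does not say what "internal"/"external" contain.
ACLS = {
    "any": ["0.0.0.0/0", "::/0"],
    "internal": ["10.0.0.0/8"],
    "external": ["198.51.100.0/24"],
}
# The three views from the quoted message, in file order, with placeholder zones.
VIEWS = [
    ("default", ["any"], ["example.org"]),
    ("internal", ["internal"], ["example.net"]),
    ("external", ["external"], ["example.net"]),
]

def nets(acl_names):
    return [ipaddress.ip_network(n) for a in acl_names for n in ACLS[a]]

def select_view(views, client):
    """Name of the first view, in file order, whose match-clients covers client."""
    ip = ipaddress.ip_address(client)
    for name, acls, _zones in views:
        if any(ip in n for n in nets(acls)):
            return name
    return None

def serving_zone(views, client, qname):
    """(view, zone) answering qname; only the selected view's zones are searched."""
    chosen = select_view(views, client)
    qname = qname.rstrip(".").lower()
    for name, _acls, zones in views:
        if name == chosen:
            hits = [z for z in zones if qname == z or qname.endswith("." + z)]
            return chosen, max(hits, key=len, default=None)
    return None, None

def shadowed_views(views):
    """Views no client can reach: each of their networks sits inside an earlier one."""
    seen, dead = [], []
    for name, acls, _zones in views:
        mine = nets(acls)
        if all(any(m.version == s.version and m.subnet_of(s) for s in seen)
               for m in mine):
            dead.append(name)
        seen.extend(mine)
    return dead
```

Moving "default" to the end makes the other two views reachable, but a client that lands in "internal" or "external" still gets nothing for zones defined only in "default".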


