Clients Matching Multiple Views
John Wobus
jw354 at cornell.edu
Fri Apr 11 17:59:20 UTC 2014
On Apr 9, 2014, at 4:14 AM, Steven Carr wrote:
> However, assuming you are using views on the same IP address and not
> splitting it across internal/external servers as that would screw up
> NS records), you can reuse the same zone file so those zones that
> appear in both internal and external views refer back to the same zone
> file, then when you update that zone file both views are updated.
My understanding has been that two views that are masters for
a zone can safely share a zone file if the zone isn't dynamic (e.g.
dnsupdate, dnssec auto signing, etc), but that two views of
a slave zone shouldn't do that: you could have two
different views independently rewriting the same file, a bad thing even
if the files are known to be identical. Furthermore, allowing that
could
conceivably show no problems very much of the time, masking the actual
risk.
If I'm wrong, that would be a good thing to know.
John Wobus
Cornell U
More information about the bind-users
mailing list