Doubt regarding acls and internal and external view.

Darcy Kevin (FCA) kevin.darcy at fcagroup.com
Fri May 22 19:37:55 UTC 2015


You’ll need to duplicate the www name into the internal zone if your internal clients need to resolve it. If a query doesn’t resolve in one view, it doesn’t “fail over” to another view in the config. It simply returns the negative response to the client.

- Kevin

From: bind-users-bounces at lists.isc.org [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Elias Pereira
Sent: Friday, May 22, 2015 10:48 AM
To: bind-users at lists.isc.org
Subject: Doubt regarding acls and internal and external view.

Hello everyone,

I have a doubt regarding acls and internal and external view.

I have several servers, and only one of them is reachable from the "external (world)" side into the "internal (my infrastructure)" side. That would be the site (www). The rest are internal only.

Like that:

www                       --> zone db.external
any other server/service  --> zone db.internal

acl "clients" {
        localhost;
        192.168.1.1/24;
        172.16.1.1/24;
};

view "internal" {
        match-clients { clients; };
        recursion yes;

        zone "internal" {
                type master;
                file "/etc/bind/db.internal";
        };
};

view "external" {
        match-clients { any; };
        recursion no;
        additional-from-auth no;
        additional-from-cache no;

        zone "external" {
                type master;
                file "/etc/bind/db.external";
        };
};

So I should put only the site in a zone that is in the external view and the other servers in the internal view, is that right?

--
Elias Pereira
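
The view behaviour described in the reply, as a small Python model. This is an added example, not part of the original thread and not BIND code. It assumes both zone files hold data for the same constructed domain example.test, so each view answers authoritatively for it; the record names and addresses are constructed, and only the ACL networks come from the post.

```python
import ipaddress

# ACL "clients" from the post. "localhost" is simplified to 127.0.0.1 here;
# in BIND it matches every address configured on the server itself.
CLIENTS_ACL = ["127.0.0.1/32", "192.168.1.1/24", "172.16.1.1/24"]
ANY_ACL = ["0.0.0.0/0"]

# Constructed zone contents (assumption: same domain in both views).
WWW = "www.example.test."
INTERNAL = {"db.example.test.": "192.168.1.20"}
EXTERNAL = {WWW: "203.0.113.10"}

def in_acl(client, acl):
    addr = ipaddress.ip_address(client)
    # strict=False because the post writes host addresses with a /24 mask.
    return any(addr in ipaddress.ip_network(n, strict=False) for n in acl)

def make_views(internal_records, external_records):
    # Order matters: the first view whose match-clients matches is used.
    return [
        ("internal", CLIENTS_ACL, internal_records),
        ("external", ANY_ACL, external_records),
    ]

def resolve(views, client, qname):
    """Return (view, rcode, answer) for a query from the given client."""
    for name, acl, records in views:
        if in_acl(client, acl):
            # The answer comes from this view only. A missing name is a
            # negative response; the next view is never consulted.
            if qname in records:
                return name, "NOERROR", records[qname]
            return name, "NXDOMAIN", None
    return None, "REFUSED", None

if __name__ == "__main__":
    as_posted = make_views(INTERNAL, EXTERNAL)
    print(resolve(as_posted, "192.168.1.50", WWW))   # internal client, www missing
    print(resolve(as_posted, "198.51.100.7", WWW))   # outside client sees www

    # www duplicated into the internal zone, as the reply recommends.
    fixed = make_views({**INTERNAL, WWW: EXTERNAL[WWW]}, EXTERNAL)
    print(resolve(fixed, "192.168.1.50", WWW))
    print(resolve(fixed, "198.51.100.7", "db.example.test."))  # still hidden
```

The model covers only names inside the zone a view is authoritative for; it does not model what recursion in the internal view does for names outside that zone.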