BIND Views advice please

Diggins Mike diggins at mcmaster.ca
Fri Oct 9 13:44:21 UTC 2015


We're running the RHEL release of BIND version 9.8.2-0.37.rc1.el6_7.2. My environment consists of two slave DNS servers and one master server all running BIND. The master name server also runs an application and database that builds each zone file, but is not split-horizon compatible. I have a need to resolve a single name to IP address differently for internal and external clients.

I would like to change as little as possible without making this change too kludgy. We've developed a potential solution that I wanted to run by this group. Our solution is to create a new sub-domain within our domain, say xxx.test.mydomain.com. I want xxx.test.mydomain.com to resolve to a private address internally, and a public Internet IP externally, for a voice application. Our proposed solution is:

	- Slave servers are authoritative for mydomain.com and test.mydomain.com
	- No change to the master name server
	- Create the new subdomain test.mydomain.com on both slave DNS servers and store two copies of the zone file locally (manually updated when necessary), one for each view. Each slave DNS server is a local master for this one zone only.
	- Modify slave named.conf configuration to use BIND Views, creating two views, one for internal and one for external and an ACL to distinguish the clients
	- Declare each zone and its master name server in both views.
	- The internal view declaration will use the internal copy of the zone file and the external view will use the external copy.
	- All other zones will continue to be updated from the master name server as they do now.

One particular concern we have is with zone transfers from the master name server, which has not been configured for multiple views. Will the slave DNS server store separate copies of each zone, do we need to name the local file differently for each view, and can the single zone transfer from the master update both views simultaneously? Here is a partial configuration from one of the slave name servers to explain the scenario:

/etc/named.conf:

view "internal" {
    match-clients { internals; };
    zone "test.mydomain.com" {
        type master;
        file "data/int_test.mydomain.com";
    };

    # other slave zones
    zone "yyy.mydomain.com" {
        type slave;
        file "data/yyy.mydomain.com";   # <== Can the filename for local copy of a slave zone be the same for both views?
        masters {
            172.26.1.1;
        };
    };
};

view "external" {
    match-clients { external; };
    zone "test.mydomain.com" {
        type master;
        file "data/ext_test.mydomain.com";
    };

    # other slave zones
    zone "yyy.mydomain.com" {
        type slave;
        file "data/yyy.mydomain.com";
        masters {
            172.26.1.1;
        };
    };
};

-Mike
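
A check a reader could run against a views configuration like the one above; this is an added example, not part of the original post. It assumes that each view holds its own instance of a slave zone and transfers it separately, so one file name used in two views means two writers for the same file. The function names and the sample text are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the configuration quoted in the post.
SAMPLE = '''
view "internal" {
    match-clients { internals; };
    zone "test.mydomain.com" { type master; file "data/int_test.mydomain.com"; };
    zone "yyy.mydomain.com" { type slave; file "data/yyy.mydomain.com";
                              masters { 172.26.1.1; }; };
};
view "external" {
    match-clients { external; };
    zone "test.mydomain.com" { type master; file "data/ext_test.mydomain.com"; };
    zone "yyy.mydomain.com" { type slave; file "data/yyy.mydomain.com";
                              masters { 172.26.1.1; }; };
};
'''

TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

def slave_files(conf):
    """Map each slave zone's file to the (view, zone) pairs that write it."""
    conf = re.sub(r'/\*.*?\*/', '', conf, flags=re.S)   # block comments
    conf = re.sub(r'(#|//).*', '', conf)                # line comments
    stack, stmt, found = [], [], defaultdict(list)
    for tok in TOKEN.findall(conf):
        if tok == '{':                                  # open a view/zone/other block
            stack.append({'head': stmt, 'type': None, 'file': None})
            stmt = []
        elif tok == '}':                                # close it; record slave zones
            blk, stmt = stack.pop(), []
            if blk['head'][:1] == ['zone'] and blk['type'] == 'slave' and blk['file']:
                view = next((b['head'][1].strip('"') for b in stack
                             if b['head'][:1] == ['view']), '(no view)')
                found[blk['file']].append((view, blk['head'][1].strip('"')))
        elif tok == ';':                                # end of a simple statement
            if stack and len(stmt) == 2 and stmt[0] in ('type', 'file'):
                stack[-1][stmt[0]] = stmt[1].strip('"')
            stmt = []
        else:
            stmt.append(tok)
    return found

def shared_slave_files(conf):
    """Files that more than one slave zone instance would write to."""
    return {f: users for f, users in slave_files(conf).items() if len(users) > 1}

if __name__ == '__main__':
    for path, users in shared_slave_files(SAMPLE).items():
        print(path, 'is written by', users)
```

The locally mastered test.mydomain.com zone is not reported, since its two views already use separate int_ and ext_ files.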

