DNS views and zone transfers
/dev/rob0
rob0 at gmx.co.uk
Wed Sep 7 16:34:10 UTC 2016
On Wed, Sep 07, 2016 at 11:48:54AM -0400, Bob Harold wrote:
> On Wed, Sep 7, 2016 at 11:37 AM, project722 <project722 at gmail.com> wrote:
>
> > Thanks Bob, I will look into this. Do you know if the forwarders
> > feature is supported in Bind 9.8.2?
> >
> Yes, forwarders is an old and stable feature.
>
> ("in-view" is new and experimental)
"New" is fair to say, if you call BIND 9.10 "new". OTOH it is
unfair/wrong to call it "experimental". 9.10 has been in stable
release form for quite some time now, and there have been no problems
with the in-view zone feature, AFAIK.
> > On Wed, Sep 7, 2016 at 9:38 AM, Bob Harold <rharolde at umich.edu> wrote:
> >
> >>
> >> On Tue, Sep 6, 2016 at 5:23 PM, project722 <project722 at gmail.com> wrote:
snip
> >> Here is the basic structure:
> >>
> >> view "internal" {
> >> match-clients {
> >> // this list must not match 127.0.0.1
> >> !key "external"; // use this key to test the external view
> >> 10.0.0.0/8;
> >> key "internal"; // use this key to test the internal view
> >> };
> >> zone "itd.umich.edu" { // this zone is different in the two views
> >> type master;
> >> file "internal/itd.umich.edu";
> >> };
> >> forwarders {
> >> // forward to external view
> >> 127.0.0.1;
I have never thought to try this, but I would not expect it to work.
Does it?
> >> };
> >> forward only; // optional
> >> };
> >> view "external" {
> >> match-clients {
> >> // this list must match 127.0.0.1
> >> any;
> >> };
> >> zone "itd.umich.edu" { // this zone is different in the two views
> >> type master;
> >> file "external/itd.umich.edu";
> >> };
> >> zone "10.in-addr.arpa" { // all other zones will be seen by everyone
> >> type master;
> >> file "external/arpa.in-addr.10";
> >> };
> >> zone "umich.edu" {
> >> type master;
> >> file "external/com.umich";
> >> };
> >> };
--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
More information about the bind-users
mailing list