Slave transfer problem with same zone but different db files in views.
David Miller
millerdc at fusion.gat.com
Fri Jun 16 23:02:06 UTC 2006
Hello,

I used Rob Thomas's secure BIND template to set up my primary DNS
server (9.3.2) and it is working perfectly. I have one question about
Rob's template and a question about a problem with my slave server.

First the problem. I have two copies of the same zone file. One is
for internal view and one is for external view. The difference is the
amount of records defined in each file. The fourth edition O'Reilly
BIND and DNS book has a perfect example of this on page 272. They
actually have two different db files for the same
254.253.192.in-addr.arpa zone. How do you get the slave server to know which zone
file goes to the correct view? Of course my slave server transfers
the first db file and gives resolve access to hosts I don't want the
external to have.

About Rob's template. Why allow access to the db.cache file for the
external-in view? Isn't that pointless since we don't allow recursion
anyway? All we want is for external sources to be able to resolve the
IPs/names defined in the zone files we put in that view. Here is the
section I'm talking about.

// Create a view for external DNS clients.
view "external-in" in {
    // Our external (untrusted) view. We permit any client to access
    // portions of this view. We do not perform recursion or cache
    // access for hosts using this view.
    match-clients { any; };
    recursion no;
    additional-from-auth no;
    additional-from-cache no;
    // Link in our zones
    zone "." in {
        type hint;
        file "db.cache";
    };

Here is a link to Rob's secure BIND Template.
http://www.cymru.com/Documents/secure-bind-template.html
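
An added example, not part of the original post or of Rob Thomas's template: one common way to make a slave pull a different copy of the same zone into each view is to sign each view's transfer with its own TSIG key and have the primary select the view by key. The key names, the "internal-in" view name, the acl, the file names and the 192.0.2.1 primary address are assumptions made up for illustration.

```conf
// Shared by both servers. Secrets are placeholders; generate real ones.
// hmac-md5 is what BIND 9.3 offers; prefer hmac-sha256 where supported.
key "internal-xfer" { algorithm hmac-md5; secret "REPLACE-WITH-BASE64-SECRET-1"; };
key "external-xfer" { algorithm hmac-md5; secret "REPLACE-WITH-BASE64-SECRET-2"; };
acl "internal-nets" { 10.0.0.0/8; };          // constructed example range

// ---------- Primary (assumed address 192.0.2.1) ----------
view "internal-in" {
    // Refuse anything signed with the external key first, so the slave's
    // external transfer cannot match here just because its address is internal.
    match-clients { !key external-xfer; key internal-xfer; internal-nets; };
    zone "254.253.192.in-addr.arpa" {
        type master;
        file "db.192.253.254.internal";       // hypothetical file name
        allow-transfer { key internal-xfer; };
    };
};
view "external-in" {
    match-clients { any; };                   // everything not matched above
    recursion no;
    zone "254.253.192.in-addr.arpa" {
        type master;
        file "db.192.253.254.external";       // hypothetical file name
        allow-transfer { key external-xfer; };
    };
};

// ---------- Slave ----------
view "internal-in" {
    match-clients { !key external-xfer; key internal-xfer; internal-nets; };
    zone "254.253.192.in-addr.arpa" {
        type slave;
        masters { 192.0.2.1 key internal-xfer; };   // signed request selects the internal view
        file "slave/db.192.253.254.internal";
    };
};
view "external-in" {
    match-clients { any; };
    recursion no;
    zone "254.253.192.in-addr.arpa" {
        type slave;
        masters { 192.0.2.1 key external-xfer; };   // signed request selects the external view
        file "slave/db.192.253.254.external";
    };
};
```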