config for views

Post by dev_nul » Sat, 28 Mar 2009 11:10:06



Hello,

I want to configure named for two networks, using views.
For example, neta is for internal users, netb is for any other users.
I got the named.conf below. Do you have any suggestions on it? Thanks.


options {
    directory "/usr/local/bind";
    recursion no;
    zone-statistics yes;
    statistics-file "/usr/local/bind/var/named.stats";
};

view "neta" {
    match-clients { someip; };

    zone "test.a.com" {
        type master;
        file "/usr/local/bind/etc/test.a.com.neta.db";
    };
};

view "netb" {
    match-clients { any; };

    zone "test.a.com" {
        type master;
        file "/usr/local/bind/etc/test.a.com.netb.db";
    };
};

key "rndc-key" {
    algorithm hmac-md5;
    secret "*****************";
};

controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
_______________________________________________
bind-users mailing list
XXXX@XXXXX.COM
https://lists.isc.org/mailman/listinfo/bind-users
 
 
 

config for views

Post by Kevin Darc » Sat, 28 Mar 2009 11:36:54


That's the general idea, yes, but "someip" can't be used literally
unless it's defined as an ACL somewhere else in the config, of course,
and "recursion no" in "options" means that *neither* of these views can
be used for your own clients (including perhaps the nameserver itself)
to resolve any names outside of the test.a.com zone.


- Kevin
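
The two points in the reply above, applied to the posted named.conf, as an added example that is not part of the original thread. The ACL name "neta-clients" and the 192.0.2.0/24 range are constructed placeholders, and enabling recursion for the internal view is an assumption about what the internal clients need.

```conf
// Constructed ACL: replace the placeholder range with the real internal networks.
acl "neta-clients" {
    192.0.2.0/24;   // placeholder documentation range, not from the thread
    127.0.0.1;      // lets the nameserver itself match the internal view
};

options {
    directory "/usr/local/bind";
    recursion no;   // default for every view that does not override it
    zone-statistics yes;
    statistics-file "/usr/local/bind/var/named.stats";
};

// Views are matched in order, so the specific view must come
// before the catch-all "any" view.
view "neta" {
    match-clients { "neta-clients"; };   // a defined ACL instead of the bare "someip"

    // Override the global "recursion no" for internal clients only,
    // so they can resolve names outside test.a.com through this server.
    recursion yes;
    allow-recursion { "neta-clients"; };

    zone "test.a.com" {
        type master;
        file "/usr/local/bind/etc/test.a.com.neta.db";
    };
};

view "netb" {
    match-clients { any; };

    // Everyone else gets authoritative answers for test.a.com only.
    recursion no;

    zone "test.a.com" {
        type master;
        file "/usr/local/bind/etc/test.a.com.netb.db";
    };
};
```

Running named-checkconf against the edited file reports an undefined ACL name or other syntax errors before named is reloaded.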


 
 
 

config for views

Post by dev_nul » Sat, 28 Mar 2009 13:08:05



2009 19:36:54 -0700 Kevin Darcy < XXXX@XXXXX.COM >

> > };
> That's the general idea, yes, but "someip" can't be used literally
> unless it's defined as an ACL somewhere else in the config, of course,
> and "recursion no" in "options" means that *neither* of these views can
> be used for your own clients (including perhaps the nameserver itself)
> to resolve any names outside of the test.a.com zone.



Thanks.
If it's used in a production environment, does it have some other directive settings for security and performance?

regards.

 
 
 

config for views

Post by Kevin Darc » Sun, 29 Mar 2009 11:24:45


That's a very general question, and not easy to answer without knowing
all of the details of your server/network/security environment/requirements.


- Kevin
