Several (>2) different views
Niall O'Reilly
Niall.oReilly at ucd.ie
Fri Jun 15 09:17:09 UTC 2012
On 15 Jun 2012, at 01:14, Rodrigo Renie Braga wrote:
> I've been trying to find examples on how to use TSIG to replicate several differents views to a slave server, but I could only find with two views, and I just couldn't figure out how to adapt that example to 3 or more views.
>
> Could you send me example on how to accomplish that?
Something like what follows below may be what you need.
This supports 3 views, keyed on TSIG or by default on
client address. For more views, no new ideas are needed.
include "/etc/select-tsig.keys"; // keep keys in protected file
acl captive-clients {
// Purpose: triage for "captive" view
key select-captive.ucd.ie.; // select on this key
! key select-internal.ucd.ie.; // by-pass
! key select-general.ucd.ie.; // by-pass
10.137.0.0/16; // Target networks
10.193.128.0/19;
10.193.160.0/20;
};
acl internal-clients {
// Purpose: triage for "internal" view
key select-internal.ucd.ie.; // select on this key
! key select-captive.ucd.ie.; // by-pass (redundant)
! key select-general.ucd.ie.; // by-pass
localhost;
172.16.0.0/16; // Special networks
10.224.0.0/16;
};
// Clients not otherwise selected are offered "general" view
// special-purpose view: 'captive'
view "captive" {
match-clients { captive-clients; };
// view details go here ...
}; // End view "captive"
view "internal" {
match-clients { internal-clients; };
// view details go here ...
};
// standard view: 'general'
view "general" {
match-clients { any; };
// view details go here ...
};
I hope this helps.
Niall O'Reilly
More information about the bind-users
mailing list