BIND 9.1, Views, and Zone Transfers

Jim Reid jim at rfc1035.com
Mon Feb 5 10:00:05 UTC 2001


>>>>> "Alain" == Alain Fontaine (Post master, UCL) <fontaine at sri.ucl.ac.be> writes:

    Alain> I also have ns3.foo.com, which for reliability reasons is
    Alain> hosted elsewhere (I am smarter than Microwhatever, which is
    Alain> not really difficult). ns3 has thus an 'external' IP
    Alain> address. Is there any hope for ns3.foo.com to be able to
    Alain> zone transfer the external _and_ internal view from
    Alain> ns1.foo.com?

At present no, the view ns3.foo.com will get for the zone transfer
will depend on the source IP address it uses for the axfr query.
There's no mechanism in the DNS protocol yet for "tagging" zone
transfers with a view name. There is some discussion about doing this,
but I've no idea when or even if this will get through IETF. I've not
looked at the DNS internet drafts to see if there's one on this topic
either. Even then, this would only work for servers that implemented
views. So if the external ns3.foo.com ran BIND8 (say), you'd lose
anyway. The administration/policy issues would be complicated too.
How could the external server - presumably managed by someone else -
be told which IP addresses were attached to each view?

If you're using internal and external views, why would you want to put
the internal one on an external name server? Remember most people
will use views for split DNS to conceal their internal name space from
the outside. In those circumstances, putting that data on the outside
would not be wise. Why not just have another internal name server and
have it listed in the NS records of the internal view?
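
A named.conf fragment for ns1.foo.com showing the behaviour described in the reply above, added here as an illustration and not part of the original message. The addresses, the ACL name, the internal secondary, and the file names are constructed assumptions.

```conf
// Added example, not from the original thread. Constructed values:
//   10.0.0.0/8  = internal network
//   10.0.0.53   = hypothetical second internal name server
//   192.0.2.53  = external address of ns3.foo.com
//   file names  = placeholders

acl "internal-nets" { 10.0.0.0/8; };

// named tests views in the order they appear; the first view whose
// match-clients matches the source address of the query answers it.
// An AXFR request is matched the same way as any other query.
view "internal" {
    match-clients { "internal-nets"; };

    zone "foo.com" {
        type master;
        // This copy lists ns1 and the internal secondary in its NS records.
        file "internal/foo.com.db";
        // Only the internal secondary may transfer the internal data.
        allow-transfer { 10.0.0.53; };
    };
};

view "external" {
    match-clients { any; };

    zone "foo.com" {
        type master;
        file "external/foo.com.db";
        // ns3 queries from 192.0.2.53, which is outside internal-nets,
        // so it always lands in this view and can only receive the
        // external copy of foo.com.
        allow-transfer { 192.0.2.53; };
    };
};
```

With this layout the internal zone data never leaves the internal network: the only host allowed to transfer it is one that already matches the internal view.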

