nsupdate in a multi-view environment

Mark_Andrews at isc.org Mark_Andrews at isc.org
Tue Nov 19 22:46:40 UTC 2002


> In article <arda5u$70tr$1 at isrv4.isc.org>,
> Simon Waters  <Simon at wretched.demon.co.uk> wrote:
> >
> >Thomas H Jones II wrote:
> >> 
> >> Is there any way that I can force nsupdate to use the loopback interface
> >> for the exterior updates and the internal interface for the interior
> >> updates?
> >
> >Match destination might work (I haven't tried it) if you have
> >multiple interfaces (or at least multiple IP addresses), but I
> >don't do views. Views never gave me the impression of being
> >completely worked through, and the average admin has enough pain
> >without them, remember those who will come after you.
> 
> Ok, guess I wasnt clear on this. I was attempting do do nsupdates
> from the same host that the DMZ DNS runs on. A match-destination might
> work, if I were able to configure nusupdate to use a particular outbound
> IP: hence, asking about forcing it to use the loopback interface.
> 
> >No chance of shipping your internal DNS data inside where it
> >probably belongs?
> 
> Technically, by placing it on the DMZ, it is -sorta- inside already.
> using either views or allow-query/allow-transfer statements insulates
> the data from the outside world.
> 
> Besides, it kind of defeats the purpose of using views: not having to set
> up different servers to hold different data for the same zone. Basically,
> what I need is the NetSol requested two nameservers reachable via the
> Internet for IPs and zones under my control. Since most of the hosts are
> actually behind a firewall, the IPs that they are seen by from other hosts
> behind the firewall differ from those seen by the internet at large. So, I
> either need to set up some form of split-DNS or private TLDs. The latter is
> even uglier than use of views. It may just mean that I need to set one
> view's zones as static and the others as dynamically updated.
> 
> bleah.
> 
> Again, if anyone has something similar they have accomplished, let me know.
> I really am not trying to make this hard for the sake of making it hard.  :)
> 
> -tom
> 
> -- 
> 
> "You can only be -so- accurate with a claw-hammer."  --me
> 

	9.3 supports view selection based on TSIG.  See the FAQ for how
	to do this.
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org


More information about the bind-users mailing list