"catch all" view?

Barry Finkel b19141 at achilles.ctd.anl.gov
Mon Sep 23 14:46:22 UTC 2002


Brian Korver <briank at briank.com> wrote:

> It doesn't appear that we can define a "global" view, but I
> thought I'd ask anyways....
> 
> I want to define two views:  "everyone" and "internals".
> The zones in "everyone" should be available to absolutely
> everyone, including the folks in "internals".  However,
> it appears that the first match-client prevails, such
> that any client will only see one view:  there are no
> unions of views.
>
>For the sake of this example, let's say that I want the
>following views:
>
>   everyone    briank.com
>   internals   briank.com and briank.com.local
>
>I looked in the list archives and in the docs at
>http://www.nominum.com/resources/documentation/Bv9ARM.pdf
>and both seem to say that I need to define the views with
>the common information repeated, like:
>
>   acl internals { 127.0.0.1; };
>
>   view "internals" {
>     match-clients { internals; };
>     zone "briank.com.local" {...}
>     zone "briank.com" {...}   # duplicated below
>   };
>
>   view "everyone" {
>     match-clients { any; };
>     zone "briank.com" {...}
>   };
>
>but that requires putting identical zones into multiple views.
>Yuck.
>
>Is there anyway to specify a view that is completely global,
>so that I don't have to put the zones that are available
>to absolutely everyone in each and every specific view?
>I know it's not (currently) legal, but I'd love the syntax:
>
>   acl internals { 127.0.0.1; };
>
>   // briank.com is exported to absolutely everyone 
>   zone "briank.com" {...}
>
>   view "internals" {
>     match-clients { internals; };
>     zone "briank.com.local" {...}     # 10.0.0/24
>   };
>
>Am I asking for too much?

If you do not want to put identical zones into multiple views, do as
I did.  Move those zone definitions that need to appear in each view
into a separate file

     named.conf.non-views

and then

     $include "named.conf.non-views';

in the parent named.conf file in each view.  I have no problems with
this, but I am not sure that the BIND-supplied script

     named-checkconf

reads $include files.  I seem to remember someone posting recently that
it did not, but that is a minor problem.
----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994



More information about the bind-users mailing list