"catch all" view?

Mon Sep 23 21:47:13 UTC 2002

> Brian Korver <briank at briank.com> wrote:
> 
> > It doesn't appear that we can define a "global" view, but I
> > thought I'd ask anyways....
> > 
> > I want to define two views:  "everyone" and "internals".
> > The zones in "everyone" should be available to absolutely
> > everyone, including the folks in "internals".  However,
> > it appears that the first match-client prevails, such
> > that any client will only see one view:  there are no
> > unions of views.
> >
> >For the sake of this example, let's say that I want the
> >following views:
> >
> >   everyone    briank.com
> >   internals   briank.com and briank.com.local
> >
> >I looked in the list archives and in the docs at
> >http://www.nominum.com/resources/documentation/Bv9ARM.pdf
> >and both seem to say that I need to define the views with
> >the common information repeated, like:
> >
> >   acl internals { 127.0.0.1; };
> >
> >   view "internals" {
> >     match-clients { internals; };
> >     zone "briank.com.local" {...}
> >     zone "briank.com" {...}   # duplicated below
> >   };
> >
> >   view "everyone" {
>     match-clients { any; };
> >     zone "briank.com" {...}
> >   };
> >
> >but that requires putting identical zones into multiple views.
> >Yuck.
> >
> >Is there anyway to specify a view that is completely global,
> >so that I don't have to put the zones that are available
> >to absolutely everyone in each and every specific view?
> >I know it's not (currently) legal, but I'd love the syntax:
> >
> >   acl internals { 127.0.0.1; };
> >
> >   // briank.com is exported to absolutely everyone 
> >   zone "briank.com" {...}
> >
> >   view "internals" {
> >     match-clients { internals; };
> >     zone "briank.com.local" {...}     # 10.0.0/24
> >   };
> >
> >Am I asking for too much?
> 
> If you do not want to put identical zones into multiple views, do as
> I did.  Move those zone definitions that need to appear in each view
> into a separate file
> 
>      named.conf.non-views
> 
> and then
> 
>      $include "named.conf.non-views';

	The correct syntax is

	include "named.conf.non-views";

	"$include" is master file syntax not named.conf syntax.
 
> in the parent named.conf file in each view.  I have no problems with
> this, but I am not sure that the BIND-supplied script
> 
>      named-checkconf
> 
> reads $include files.  I seem to remember someone posting recently that
> it did not, but that is a minor problem.

	Yes they are read.

	Mark
> ----------------------------------------------------------------------
> Barry S. Finkel
> Electronics and Computing Technologies Division
> Argonne National Laboratory          Phone:    +1 (630) 252-7277
> 9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
> Building 222, Room D209              Internet: BSFinkel at anl.gov
> Argonne, IL   60439-4828             IBMMAIL:  I1004994
> 
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org