ACLs and Views
Ben Blakely
bab at bablakely.com
Fri Jul 23 04:50:06 UTC 2004
Hello List,
I have a question regarding a server running BIND 9.2.3-13. I am
implementing views on this server so that it can serve an internal
network, a remote network, and the world as a whole (external hosts).
My problem is that as soon as I add the view for the whole internet, all
hosts start using that information instead of their respective views.
The view for the external hosts is defined last in the named.conf file.
The acl for external hosts is:
// Address-match list used as match-clients for the catch-all "world" view.
// named tests the query's source address against the elements in order and
// the first element that matches decides; a leading "!" turns that match into
// a rejection. The short prefixes are 172.16.4.0/22 and 216.159.1.0/24.
// NOTE(review): only the source address named actually sees is compared. A
// host whose queries arrive from outside these two prefixes (NAT, a forwarder,
// the server's own loopback) falls through to "any" - worth confirming with
// query logging.
acl "external" {
    ! 172.16.4/22; // The internal network
    ! 216.159.1/24; // The remote network
    any; // The rest of the world
};
The corresponding view statement is:
// Catch-all view for every client accepted by the "external" ACL.
// Views are tried in the order they appear in named.conf and a client is
// served by the first view whose match-clients accepts it, so this view must
// stay after the more specific ones.
view "world" {
    match-clients{ "external"; };
    // NOTE(review): this view answers arbitrary Internet hosts. Nothing shown
    // here disables recursion ("recursion no;") or restricts zone transfers
    // ("allow-transfer") - confirm whether the elided part does.
    ...zone info...
};
My complete named.conf is attached. Thanks in advance for any help you
can provide!
/ben Blakely
bab at bablakely.com
-- Attached file included as plaintext by Ecartis --
-- File: named.conf
// rndc control channel: listens on loopback only, accepts connections from
// the built-in "localhost" ACL and requires the key named rndckey.
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
// Pulls in the key definition (presumably the "rndckey" referenced above).
// The file holds a shared secret, so it should be readable only by root and
// the account named runs as.
include "/etc/rndc.key";
// Global options: only the working directory and the pid file are set.
// NOTE(review): no allow-query, allow-recursion or allow-transfer appears here
// or in any view below, so the server defaults apply. On BIND 9.2 those
// defaults are permissive (any host) - confirm for this build and set them
// explicitly before exposing the server to the Internet.
options {
    directory "/var/named/";
    pid-file "/var/named/named.pid";
};
// Clients on the remote network, 216.159.1.0/24 (short prefix form).
// Used as match-clients for view "pc".
acl "polkcity" {
    216.159.1/24;
};
// View served to clients whose source address matches the "polkcity" ACL.
// It is the first view in the file, so it is tested before any other.
view "pc" {
    match-clients{polkcity;};
    // Site zones, loaded from this view's own copies under pc/.
    zone "4.16.172.in-addr.arpa" {
        type master;
        file "pc/4.16.172.in-addr.arpa.zone";
    };
    zone "152.165.207.in-addr.arpa" {
        type master;
        file "pc/152.165.207.in-addr.arpa.zone";
    };
    zone "n-polk.k12.ia.us" {
        type master;
        file "pc/n-polk.k12.ia.us.zone";
    };
    // Loopback and localhost zones use the same files as view "internal".
    // Sharing a file between views is only safe for static master zones like
    // these; a zone named writes to (slave, dynamic update) needs its own file
    // per view.
    zone "0.0.127.in-addr.arpa" {
        type master;
        file "0.0.127.in-addr.arpa.zone";
    };
    zone "localhost.localdomain" {
        type master;
        file "localhost.localdomain.zone";
    };
    // Root hints; recursion is not disabled anywhere in this file, so
    // presumably this view resolves outside names for its clients.
    zone "." {
        type hint;
        file "db.cache";
    };
};
// Clients on the internal network, 172.16.4.0/22 (short prefix form), which
// spans 172.16.4.0 - 172.16.7.255. Used as match-clients for view "internal".
acl "internal" {
    172.16.4/22;
};
// View served to clients whose source address matches the "internal" ACL.
// It is tested after view "pc" and before anything declared below it.
view "internal" {
    match-clients{"internal";};
    // Site zones, loaded from this view's own copies under int/. Unlike view
    // "pc", this view also carries 1.159.216.in-addr.arpa.
    zone "4.16.172.in-addr.arpa" {
        type master;
        file "int/4.16.172.in-addr.arpa.zone";
    };
    zone "152.165.207.in-addr.arpa" {
        type master;
        file "int/152.165.207.in-addr.arpa.zone";
    };
    zone "1.159.216.in-addr.arpa" {
        type master;
        file "int/1.159.216.in-addr.arpa.zone";
    };
    zone "n-polk.k12.ia.us" {
        type master;
        file "int/n-polk.k12.ia.us.zone";
    };
    // Loopback and localhost zones use the same files as view "pc"; that is
    // fine only while they stay static master zones.
    zone "0.0.127.in-addr.arpa" {
        type master;
        file "0.0.127.in-addr.arpa.zone";
    };
    zone "localhost.localdomain" {
        type master;
        file "localhost.localdomain.zone";
    };
    // Root hints; recursion is not disabled anywhere in this file, so
    // presumably this view resolves outside names for its clients.
    zone "." {
        type hint;
        file "db.cache";
    };
};
// DON'T UNCOMMENT THE FOLLOWING UNTIL YOU FIGURE OUT HOW TO MAKE THE INTERNET
// HOSTS GO TO THE CORRECT VIEW!!!!
//
// NOTE(review): views are matched top to bottom and the first match wins. With
// "pc" and "internal" declared above, this view only sees clients they did not
// claim, so the two "!" entries are redundant (harmless). If inside hosts
// still land here, their queries reach named from a source address outside
// 216.159.1.0/24 and 172.16.4.0/22 - NAT, a forwarder, or the server's own
// 127.0.0.1 are the usual suspects. The file also serves
// 152.165.207.in-addr.arpa, and 207.165.152.0/24 is in neither ACL; hosts
// querying from that range would presumably match here too. Confirm the
// client addresses with query logging before enabling.
//
// NOTE(review): this view answers the whole Internet. Consider "recursion no;"
// and an explicit "allow-transfer" inside it so it is authoritative-only and
// does not hand full zone copies to arbitrary hosts; neither is set anywhere
// in this file. The 4.16.172.in-addr.arpa zone is absent from this view,
// which keeps the private reverse zone out of public answers.
//
//acl "external" {
// !172.16.4/22;
// !216.159.1/24;
// any;
//};
//view "world" {
// match-clients{"external";};
//
// zone "152.165.207.in-addr.arpa" {
// type master;
// file "ext/152.165.207.in-addr.arpa.zone";
// };
// zone "1.159.216.in-addr.arpa" {
// type master;
// file "ext/1.159.216.in-addr.arpa.zone";
// };
// zone "n-polk.k12.ia.us" {
// type master;
// file "ext/n-polk.k12.ia.us.zone";
// };
//};