Number of views (> 1'000)

[Guido Roeskens]

Hello,

We plan to use Bind 9.3.0 (or later) an set up
thousands of views on a nameserver.

I think there are little restrictions on how many
views one can set up (in the code).

But I think there will be restrictions on the practical side
- For each of those views we need matching ACL's
   To find the "right" view those ACL's have to be matched
   which may lead to performance problems.

Has anyone deployed several thousand views on a single
Bind nameserver?

Details:
- We want to offer a DNS service to VPN customers.
   Each customer can only see "his" view of the DNS space.
   (intenal domain view for DHCP registered clients and
    internal services)

- External resolution and external view is planned
   to be hosted on another nameserver.
   * only one resolver cache (instead of 1000nds)
   * should be visible from the the internet (obvious)

- we want to use "forward-only" on the "internal" DNS
   to the resolver/external nameserver
   * external server cannot see (query) the internal nameserver


Bind 9.3.0 has some new features/options for handling
of additional data, refferals in replies.
I'll need to look to the updated documentation.
Any hints ot tips how to make sure all views only have
access to their internal data?

Regards,

Guido