views are interconnecting ?
Kevin Darcy
kcd at daimlerchrysler.com
Fri Aug 19 21:46:40 UTC 2005

Well, you've got forwarders defined *outside* of the views, which means
they get used for *all* views. If you only want the forwarders used for
the "external" view, then define them only there.

Also, if you don't have direct connectivity to the Internet, you should
be specifying "forward only". Otherwise, if the forwarders become
unavailable, your nameserver will go crazy trying to contact Internet
nameservers directly. For similar reasons, you should probably define an
internal root zone for your "internal" view, otherwise queries of
mistyped names will cause unwanted attempts to contact Internet
nameservers. Lastly, you don't need a "hint" zone in your external view
if you're using forwarding.

- Kevin

cmic wrote:
>Hello.
>
>Bind-9.3.1 on 1 server with 2 views, each one with a unique zone. Views
>seem to communicate?
>
>From an internal workstation a.socio.rev [resolv.conf domain socio.prv
>nameserver 172.21.39.254] I can resolve b.sosio.prv but even
>mail.socio.i2, and even Internet addresses which are resolved by the
>forwarders.
>I *don't want* my workstation users to be able to resolve anything not
>in socio.prv. I thought views would isolate the zones.
>
>If I add "recursion no;" in the internal view, I can resolve neither
>*.i2 nor *.prv from anywhere. How come?
>
>options {
> directory "/var/namedb";
> listen-on { 172.21.39.254; };
> forwarders { 192.168.160.3 ; 192.168.160.5; };
>};
>
>view "internal" {
>match-clients {172.21.36.0/22;};
>
>zone "36.21.172.in-addr.arpa" {
> type master;
> notify no;
> file "interne/db.172.21.36";
>};
>zone "socio.prv" {
> type master;
> notify no;
> file "interne/db.socio";
>};
>};
>
>view "external" {
>match-clients {any;};
>recursion yes;
>zone "." {
> type hint;
> file "named.ca";
>};
>zone "0.0.127.in-addr.arpa" {
> type master;
> file "db.127.0.0";
>};
>zone "socio.i2" {
> notify no;
> type master;
> file "externe/db.socio.i2";
>};
>zone "36.21.172.in-addr.arpa" {
> notify no;
> type master;
> file "externe/db.172.21.36";
>};
>};
>
>Thanks for the help.
>Sorry if this is a piece of cake....
>--
>cmic<at>caramail<dot>com
>
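
The changes suggested in the reply, applied to the posted configuration, as an added example that is not part of the original thread: forwarders moved into the "external" view with "forward only", the hint zone dropped there, and a root zone added to the "internal" view. The file name interne/db.root is an assumption; it would hold only the SOA and NS records for ".".

```conf
// Added example, not from the thread. "interne/db.root" is an assumed name.
options {
	directory "/var/namedb";
	listen-on { 172.21.39.254; };
	// No forwarders here: at the options level they apply to every view.
};

view "internal" {
	match-clients { 172.21.36.0/22; };
	// Internal root zone: this view is authoritative for ".", so any name
	// outside the zones below is answered NXDOMAIN locally instead of
	// causing a query toward the forwarders or Internet nameservers.
	zone "." {
		type master;
		notify no;
		file "interne/db.root";	// assumed file: SOA and NS for "." only
	};
	zone "36.21.172.in-addr.arpa" {
		type master;
		notify no;
		file "interne/db.172.21.36";
	};
	zone "socio.prv" {
		type master;
		notify no;
		file "interne/db.socio";
	};
};

view "external" {
	match-clients { any; };
	recursion yes;
	forwarders { 192.168.160.3; 192.168.160.5; };
	forward only;	// never fall back to querying Internet nameservers directly
	// No "hint" zone: with forwarding in use it is not needed.
	zone "0.0.127.in-addr.arpa" {
		type master;
		file "db.127.0.0";
	};
	zone "socio.i2" {
		type master;
		notify no;
		file "externe/db.socio.i2";
	};
	zone "36.21.172.in-addr.arpa" {
		type master;
		notify no;
		file "externe/db.172.21.36";
	};
};
```

Running named-checkconf -z against the file before reloading catches syntax errors and zone files that fail to load. From a client in 172.21.36.0/22, a lookup of any name outside socio.prv should then return NXDOMAIN.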