views are interconnecting ?

Kevin Darcy kcd at daimlerchrysler.com
Fri Aug 19 21:46:40 UTC 2005


Well, you've got forwarders defined *outside* of the views, which means 
they get used for *all* views. If you only want the forwarders used for 
the "external" view, then define them only there.

Also, if you don't have direct connectivity to the Internet, you should 
be specifying "forward only". Otherwise, if the forwarders become 
unavailable, your nameserver will go crazy trying to contact Internet 
nameservers directly. For similar reasons, you should probably define an 
internal root zone for your "internal" view, otherwise queries of 
mistyped names will cause unwanted attempts to contact Internet 
nameservers. Lastly, you don't need a "hint" zone in your external view 
if you're using forwarding.

                                                                         
                                 - Kevin

cmic wrote:

>Hello.
>
>Bind-9.3.1 on 1 server with 2 views, each one with a unique zone. Views
>seem to communicate?
>
>From an internal workstation a.socio.rev [resolv.conf domain socio.prv
>nameserver 172.21.39.254] I can resolve b.sosio.prv but even
>mail.socio.i2, and even Internet addresses which are resolved by the
>forwarders.
>I *don't want* my workstation users to be able to resolve anything not
>in socio.prv. I thought views would isolate the zones.
>
>If I add "recursion no;" in the internal view, I cannot resolve either
>*.i2 or *.prv from anywhere. How come?
>
>options {
>        directory "/var/namedb";
>        listen-on { 172.21.39.254; };
>        forwarders { 192.168.160.3 ; 192.168.160.5; };
>};
>
>view "internal" {
>match-clients {172.21.36.0/22;};
>
>zone "36.21.172.in-addr.arpa" {
>        type master;
>        notify no;
>        file "interne/db.172.21.36";
>};
>zone "socio.prv" {
>        type master;
>        notify no;
>        file "interne/db.socio";
>};
>};
>
>view "external" {
>match-clients {any;};
>recursion yes;
>zone "." {
>        type hint;
>        file "named.ca";
>};
>zone "0.0.127.in-addr.arpa" {
>        type master;
>        file "db.127.0.0";
>};
>zone "socio.i2" {
>        notify no;
>        type master;
>       file "externe/db.socio.i2";
>};
>zone "36.21.172.in-addr.arpa" {
>        notify no;
>        type master;
>        file "externe/db.172.21.36";
>};
>};
>
>Thanks for the help.
>Sorry if this is a piece of cake....
>--
>cmic<at>caramail<dot>com



