views are interconnecting ?
Mark Andrews
Mark_Andrews at isc.org
Mon Aug 22 02:59:01 UTC 2005
> Hello.
>
> Bind-9.3.1 on 1 server with 2 views, each one with a unique zone. Views
> seems to communicate ?
>
> >From an internal worksation a.socio.rev [resolv.conf domain socio.prv
> nameserver 172.21.39.254] I can resolve b.sosio.prv but even
> mail.socio.i2, and even Internet adresses which are resolved by the
> forwarders.
> I *don't want* my workstation users to be able to resolve anything not
> in socio.prv. I thought views would isolate the zones.
>
> If I add "recursion no;" in the internal view, I cannot resolve neither
> *.i2 nor *.prv from anywhere. How come ?
>
> options {
> directory "/var/namedb";
> listen-on { 172.21.39.254; };
> forwarders { 192.168.160.3 ; 192.168.160.5; };
> };
>
> view "internal" {
> match-clients {172.21.36.0/22;};
zone "." {
type master;
file "interne/root";
};
interne/root:
@ 0 SOA ???.socio.prv. ...
@ 0 NS ???.socio.prv.
36.21.172.in-addr.arpa NS ???.socio.prv.
socio.prv NS ???.socio.prv.
???.socio.prv. A ...
> zone "36.21.172.in-addr.arpa" {
> type master;
> notify no;
> file "interne/db.172.21.36";
> };
> zone "socio.prv" {
> type master;
> notify no;
> file "interne/db.socio";
> };
> };
>
> view "external" {
> match-clients {any;};
> recursion yes;
> zone "." {
> type hint;
> file "named.ca";
> };
> zone "0.0.127.in-addr.arpa" {
> type master;
> file "db.127.0.0";
> };
> zone "socio.i2" {
> notify no;
> type master;
> file "externe/db.socio.i2";
> };
> zone "36.21.172.in-addr.arpa" {
> notify no;
> type master;
> file "externe/db.172.21.36";
> };
> };
>
> Thanks for the help.
> Sorry if this is piece of cake....
> --
> cmic<at>caramail<dot>com
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list