Master/Slave and Views

Enrique Diaz Jolly enrique at podernet.com.mx
Mon Aug 22 15:08:14 UTC 2005


Well, the best approach I ever found to this problem was running a mute,
blind nameserver which is the master master. In this Name server I had 2
instances of bind running separately. On the first instance I published
public zones, on the second private zones, and made all my border Name Servers
Slaves of the previous two. So, for instance the public view would request
data for public zones from the first and the private view from the latter.
This way I only have a common control center server and all my DNS were
slaves. It doesn't matter if they are announced as primary on the
registries as long as they are authoritative. This way I was able to publish
the same domains publicly and privately in different fashions. Some domains,
either public or private, used common and public tables and some others
different, as there exist some private addresses on the private zones. The
only trouble was notify for common (name) zones as they were not updated
based on notify but SOA.


----- Original Message ----- 
From: "Thomas Bange" <tb at topbuero.de>
To: <bind-users at isc.org>
Sent: Monday, August 22, 2005 4:54 AM
Subject: Master/Slave and Views


> Hi,
>
> I'm using bind 9.3.1 and like to setup external and
> internal views.
>
> Most zones (about 30) should be the same in both views,
> about 5 zones should be in the internal view and one
> zone should be in both, but with only one host which
> should be dynamic and resolve to different ip's,
> depending on the view.
>
> So I moved all common zones into a separate file (say
> zones.common), the zones which should be only visible
> from the internal network into a separate file (say
> zones.internal) and the zone which should be different
> from extern into a separate file (say zones.external).
>
> In my named.conf I configured the following 2 views:
> (mynetworks is an ACL with all my internal networks)
>
> view "internal" {
>        match-clients { mynetworks; };
>        recursion yes;
>
>        include "/etc/named/zones.common";
>        include "/etc/named/zones.internal";
> };
>
> view "external" {
>        match-clients { "any"; };
>        recursion no;
>
>        include "/etc/named/zones.common";
>        include "/etc/named/zones.external";
> };
>
> First question is: Is this the right way to configure
> this setup? Can the same zone files be used for both
> views?
>
> In my network I also have a slave nameserver in my
> local network. How do I setup the slave to replicate
> both views?
>
> And finally a somewhat tricky question. As mentioned
> above, I have a special zone. This zone only holds one
> record. The external view should be dynamic and only be
> updateable from the internal network. The internal view
> should hold only one static record (both point to the
> same Server, but with different ip's, depending on the
> origin of the request). Can this be done? Can the external
> view be updated from the internal network? I'm using TSIG
> for dynamic updates.
>
> Thanks and greetings,
> Thomas
>
>
> 
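
The layout described in the reply above (border servers whose views each slave from a separate instance on a hidden master), sketched as an added example that is not from either poster. The zone name example.com, the addresses 192.0.2.10 and 192.0.2.11 for the two master instances, the ACL range and the file paths are all assumed placeholders.

```conf
// named.conf on a border (published) name server: added illustration.
// All addresses, the zone name and the paths below are placeholders.

acl mynetworks { 10.0.0.0/8; };            // placeholder internal ranges

options {
    directory "/var/named";
    allow-transfer { none; };              // border slaves serve no transfers
};

view "internal" {
    match-clients { mynetworks; };
    recursion yes;

    zone "example.com" {
        type slave;
        // hidden master, instance publishing the private zones (assumed IP)
        masters { 192.0.2.11; };
        file "slaves/internal/example.com.db";
    };
};

view "external" {
    match-clients { any; };
    recursion no;

    zone "example.com" {
        type slave;
        // hidden master, instance publishing the public zones (assumed IP)
        masters { 192.0.2.10; };
        // a zone present in both views needs a separate file per view
        file "slaves/external/example.com.db";
    };
};
```

named picks the view for an incoming NOTIFY the same way it does for a query, so a NOTIFY from either master instance lands in whichever view matches its source address, and the other view's copy is then refreshed on the SOA timers.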


