advanced views misconfiguration ?
frodo Baggins
momchil at metronet.bg
Fri Dec 2 12:30:51 UTC 2005
hi,

i'm trying to set up a bind DNS server with views for my internet networks. i have clients with 10. ips, and when they're connected to vpn they get a 192.168.X. ip, but there are also clients who cannot make vpn connections (for one reason or another) and they use internet on lan. there is an internet file server which is configured with aliases on its network interface in the 10. and 192.168.1., 192.168.2. networks. the idea is to "make" users use the lan (not vpn) connection to transfer files to/from the file server - clients which use vpn to connect to the 10. ip address of the server, and clients on lan to use 192.168.1.5, 192.168.2.5 for example. i decided to do this "magic" using the bind views feature, but i cannot achieve the goal. here is the example configuration i tested (and failed):

[snip]
acl "lan1" {
    192.168.1.12;
    192.168.1.15;
    192.168.1.24;
    192.168.1.41;
    192.168.1.46;
    192.168.1.63;
    192.168.1.71;
    192.168.1.91;
    192.168.1.95;
};

acl "lan2" {
    192.168.2.3;
    192.168.2.4;
    192.168.2.5;
    192.168.2.6;
};

acl "vpn" {
    !lan1; 192.168.1.0/24;
    !lan2; 192.168.2.0/24;
};

view "internal_vpn" {
    match-clients { vpn; };

    zone "." in {
        type hint;
        file "root.hint";
    };

    zone "mydomain.net" in {
        type master;
        notify yes;
        file "zone/internal/mydomain.net-vpn";
        allow-transfer { none; };
        allow-query { vpn; };
    };
};

view "internal_lan1" {
    match-clients { lan1; };

    zone "." in {
        type hint;
        file "root.hint";
    };

    zone "mydomain.net" in {
        type master;
        notify yes;
        file "zone/internal/mydomain.net-lan1";
        allow-transfer { none; };
        allow-query { lan1; };
    };
};

view "external" {
    match-clients { "any"; };

    zone "." in {
        type hint;
        file "root.hint";
    };

    zone "0.0.127.in-addr.arpa" in {
        type master;
        file "zone/0.0.127.in-addr.arpa";
    };

    zone "XX.XX.XX.in-addr.arpa" in {
        type master;
        file "zone/master/XX.XX.XX.in-addr.arpa";
        allow-transfer { XX.XX.XX.XX; localhost; };
        allow-query { any; };
    };

    zone "mydomain.net" in {
        type master;
        notify yes;
        file "zone/master/mydomain.net";
        allow-transfer { XX.XX.XX.XX; localhost; };
        allow-query { any; };
    };
};
[snip]

when i start named with such a conf, clients cannot resolve at all.
is there a misconfiguration or something? :(
do you have any ideas, if this is impossible to realize with bind (views), how it can be done?
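
Added example (not part of the original message): a small Python model of how named picks a view for a client, using the ACLs and the view order from the configuration above. It assumes BIND's first-match rule for address match lists and for views, treats the built-in "any" ACL as 0.0.0.0/0, and uses constructed sample source addresses.

```python
import ipaddress

# ACLs copied from the post. Each element is (negated, target), where target
# is a network string or the name of another ACL.
ACLS = {
    "lan1": [(False, ip) for ip in (
        "192.168.1.12", "192.168.1.15", "192.168.1.24", "192.168.1.41",
        "192.168.1.46", "192.168.1.63", "192.168.1.71", "192.168.1.91",
        "192.168.1.95")],
    "lan2": [(False, ip) for ip in (
        "192.168.2.3", "192.168.2.4", "192.168.2.5", "192.168.2.6")],
    "vpn": [(True, "lan1"), (False, "192.168.1.0/24"),
            (True, "lan2"), (False, "192.168.2.0/24")],
    "any": [(False, "0.0.0.0/0")],  # assumption: IPv4-only stand-in for "any"
}
# Views in the order they appear in the posted configuration.
VIEWS = [("internal_vpn", "vpn"), ("internal_lan1", "lan1"), ("external", "any")]


def acl_match(name, client):
    """Return True (accepted), False (hit a negated element) or None (no match)."""
    for negated, target in ACLS[name]:
        if target in ACLS:
            # A nested ACL counts as a hit only when it accepts the client.
            hit = acl_match(target, client) is True
        else:
            hit = client in ipaddress.ip_network(target)
        if hit:
            return not negated  # the first matching element decides
    return None


def select_view(client_ip):
    """Return the first view whose match-clients ACL accepts the source address."""
    client = ipaddress.ip_address(client_ip)
    for view, acl in VIEWS:
        if acl_match(acl, client) is True:
            return view
    return None


if __name__ == "__main__":
    # Constructed sample source addresses, one per case of interest.
    for ip in ("192.168.1.12", "192.168.1.50", "192.168.2.3",
               "192.168.2.50", "10.0.0.7"):
        print(f"{ip:15} -> {select_view(ip)}")
```

In this model the hosts listed in "lan2" and any 10. source address are answered from the "external" view, because no earlier view's match-clients accepts them.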