advanced views misconfiguration?

frodo Baggins momchil at metronet.bg
Fri Dec 2 12:30:51 UTC 2005


hi,

I'm trying to set up a BIND DNS server with views for my internet networks. I have clients with 10. IPs, and when they're connected to the VPN they get a 192.168.X. IP, but there are also clients who cannot make VPN connections (for one reason or another) and use the internet on the LAN. There is an internet file server which is configured with aliases on its network interface in the 10., 192.168.1. and 192.168.2. networks. The idea is to "make" users use the LAN (not VPN) connection to transfer files to/from the file server: clients which use the VPN connect to the 10. IP address of the server, and clients on the LAN use 192.168.1.5 or 192.168.2.5, for example. I decided to do this "magic" using the BIND views feature, but I cannot achieve the goal. Here is the example configuration I tested (and which failed):
[snip]
acl "lan1" {
        192.168.1.12;
        192.168.1.15;
        192.168.1.24;
        192.168.1.41;
        192.168.1.46;
        192.168.1.63;
        192.168.1.71;
        192.168.1.91;
        192.168.1.95;
};

acl "lan2" {
        192.168.2.3;
        192.168.2.4;
        192.168.2.5;
        192.168.2.6;
};

acl "vpn" {
        !lan1;   192.168.1.0/24;
        !lan2;   192.168.2.0/24;
};

view "internal_vpn" {
        match-clients { vpn; };
        zone "." in {
                type hint;
                file "root.hint";
        };
        zone "mydomain.net" in {
                type master;
                notify yes;
                file "zone/internal/mydomain.net-vpn";
                allow-transfer { none; };
                allow-query { vpn; };
        };
};

view "internal_lan1" {
        match-clients { lan1; };
        zone "." in {
                type hint;
                file "root.hint";
        };
        zone "mydomain.net" in {
                type master;
                notify yes;
                file "zone/internal/mydomain.net-lan1";
                allow-transfer { none; };
                allow-query { lan1; };
        };
};

view "external" {
        match-clients { "any"; };
        zone "." in {
                type hint;
                file "root.hint";
        };
        zone "0.0.127.in-addr.arpa" in {
                type master;
                file "zone/0.0.127.in-addr.arpa";
        };
        zone "XX.XX.XX.in-addr.arpa" in {
                type master;
                file "zone/master/XX.XX.XX.in-addr.arpa";
                allow-transfer { XX.XX.XX.XX; localhost; };
                allow-query { any; };
        };
        zone "mydomain.net" in {
                type master;
                notify yes;
                file "zone/master/mydomain.net";
                allow-transfer { XX.XX.XX.XX; localhost; };
                allow-query { any; };
        };
};
[snip]

When I start named with such a conf, clients cannot resolve at all. Is there a misconfiguration or something? :(
Do you have any ideas? If this is impossible to realize with BIND (views), how can it be done?
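To see which view each query source actually lands in under the posted configuration, here is an added example (not part of the original post, and not BIND's own code) that models BIND 9's first-match ACL evaluation in Python: elements are tried in order, the first element the address matches decides, a negated element yields "no match" for that ACL, and a negative match inside a nested ACL counts as no match for that element. The ACL and view tables are transcribed from the named.conf fragment above; the client addresses are constructed.

```python
"""Model of BIND ACL / view selection, applied to the posted named.conf.

Added example, not part of the mailing-list post. It follows BIND 9's
first-match ACL rules: elements are evaluated in order, the first matching
element decides, a matched negated element means "no match" for the ACL,
and a negative match inside a nested ACL is treated as no match for the
nested element. The ACL and view tables are transcribed from the poster's
configuration; the sample query sources are constructed.
"""
import ipaddress

# ACL table transcribed from the posted config. Each element is
# (negated, target); target is an address/prefix or the name of another ACL.
ACLS = {
    "lan1": [(False, a) for a in (
        "192.168.1.12", "192.168.1.15", "192.168.1.24", "192.168.1.41",
        "192.168.1.46", "192.168.1.63", "192.168.1.71", "192.168.1.91",
        "192.168.1.95")],
    "lan2": [(False, a) for a in (
        "192.168.2.3", "192.168.2.4", "192.168.2.5", "192.168.2.6")],
    "vpn": [(True, "lan1"), (False, "192.168.1.0/24"),
            (True, "lan2"), (False, "192.168.2.0/24")],
    # Built-in ACLs.
    "any": [(False, "0.0.0.0/0")],
    "none": [],
}

# Views in the order they appear in named.conf; BIND uses the first view
# whose match-clients ACL matches the query source.
VIEWS = [("internal_vpn", "vpn"), ("internal_lan1", "lan1"), ("external", "any")]


def acl_match(addr, acl_name, acls=ACLS):
    """Return +1 (positive match), -1 (negative match) or 0 (no match)."""
    ip = ipaddress.ip_address(addr)
    for negated, target in acls[acl_name]:
        if target in acls:
            # Nested ACL: only a positive inner match counts as a hit.
            hit = acl_match(addr, target, acls) > 0
        else:
            hit = ip in ipaddress.ip_network(target, strict=False)
        if hit:
            return -1 if negated else 1
    return 0


def select_view(addr, views=VIEWS, acls=ACLS):
    """Name of the first view whose match-clients matches addr, or None."""
    for view_name, acl_name in views:
        if acl_match(addr, acl_name, acls) > 0:
            return view_name
    return None


if __name__ == "__main__":
    # Constructed sample query sources: one listed lan1 host, one other
    # 192.168.1 host, one listed lan2 host, one other 192.168.2 host,
    # a 10. host and an outside address.
    for src in ("192.168.1.12", "192.168.1.50", "192.168.2.3",
                "192.168.2.100", "10.0.0.7", "203.0.113.9"):
        print(f"{src:15} -> {select_view(src)}")
```

Running it shows what the posted ACLs actually do: the listed lan1 hosts reach "internal_lan1" and the rest of 192.168.1.0/24 and 192.168.2.0/24 reach "internal_vpn", but the listed lan2 hosts are excluded from the vpn ACL and, since there is no internal_lan2 view, fall through to "external", and so does every 10. source, because no internal ACL mentions the 10. network. The model covers match-clients only; it does not model match-destinations, recursion settings or per-zone allow-query, which are the next things to check when clients get no answers.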



