views and zone overlap

/dev/rob0 rob0 at gmx.co.uk
Mon Jul 18 02:57:17 UTC 2005


Barry Margolin wrote:
>>... I have [for example] example.net. I want to have local clients given 
>>dynamic DNS assignments in example.net, and I want to have my external 
>>zone serving example.net to the world. The local view, a dynamic zone, 
>>would only have the DHCP clients, internal hosts and aliases. The public 
>>view, a static zone, would have my Internet hosts.
>>
>>Can the local view fall back on the public one for resolving my Internet 
>>hostnames? It appears that I have to duplicate the public zone data in 
>>the local zone. Am I missing something? Is there an easy workaround to 
>>do this transparently?
> 
> Put the common data in a separate file, and use $INCLUDE in the zone 
> files for both views.

Yes, but I'd need a non-DNS way of propagating changes from the public 
zone to the local one. Also, the local zone of "example.net" is dynamic, 
so the $INCLUDE file is rolled in only once.

>>It's worse than just having to edit two files. My public SOA is a 
>>different machine than my local SOA. And of course editing a dynamic 
>>zone file is rather ugly in and of itself.
> 
> Now you've got me confused.  If the servers for the two versions of the 
> zone are different machines, why are you talking about using views?  
> Views are normally used when one machine is supposed to be authoritative 
> for two versions of the same zone.

Ah, you're right. So views is not the right thing here. What I want is 
two masters: one of the local (dynamic) zone, and another of the 
external (static) zone. Both zones have the same name, example.net, and 
clients on the local network need to be able to resolve names in the 
external zone.

I did think I might use views on the home server, which is a slave of 
the real zone, though. It's just not related to this issue.

> How often do the records in your public version of the zone change, 
> anyway?  For most organizations there are just a handful of public 
> entries and their addresses rarely change, so it's not that big a deal 
> to duplicate them in your private version of the zone.

Again you're right. I just want something ... cool. :) I like to learn 
low-maintenance techniques.

I thought of, and experimented with, a wildcard DNAME record. Right now 
the local dynamic zone is called "example.lan". (I want to change it to 
"example.net".) I was thinking I could make a DNAME in example.lan:
*	DNAME	example.net

That doesn't work. I change the "*" to "real" and it does work; 
example.net names resolve as "NAME.real.example.lan." But that won't 
help. The ultimate theory/hope was to load the real zone on the real 
master with two names. (No $ORIGIN and all relative names.) Then the 
local master could DNAME to the second name. All moot because apparently 
DNAME won't support wildcards.

> One case where this could be problematic is if your web site is being 
> hosted by a third party, who manages the public DNS for example.net.  

No, not a factor here. I manage all my own DNS.

Thanks for your comments.
-- 
     mail to this address is discarded unless "/dev/rob0"
     or "not-spam" is in Subject: header
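
An added example, not part of the original post: one way to keep the duplicated public records in the local dynamic zone without hand-editing its zone file is to diff the two record sets and emit an nsupdate script for the missing ones. It assumes one record per line with explicit owner names; the sample records and the `server` name are constructed or hypothetical. SOA/NS are skipped because the two masters differ, and a local record that would shadow a public name is reported instead of overwritten.

```python
ZONE = "example.net."            # zone name used in the post
SKIP = {"SOA", "NS"}             # apex records differ per master; never copied
CLASSES = {"IN", "CH", "HS"}

# Constructed sample data, one record per line with explicit owner names.
# Names inside rdata are fully qualified because rdata is passed on verbatim.
PUBLIC = """\
@     3600 IN NS ns1.example.net.
@     3600 IN MX 10 mail.example.net.
www   3600 IN A  192.0.2.10
mail  3600 IN A  192.0.2.25
"""
LOCAL = """\
laptop 600  IN A 10.0.0.51   ; DHCP client
www    600  IN A 10.0.0.66   ; dynamic client holding a public name
mail   3600 IN A 192.0.2.25  ; already duplicated by hand
"""

def parse(text, origin=ZONE):
    """Return {(owner, type): {rdata, ...}} for simple zone-file text."""
    rrsets = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) < 3:
            continue
        name, rest = fields[0], fields[1:]
        owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        while rest and (rest[0].isdigit() or rest[0].upper() in CLASSES):
            rest = rest[1:]                      # drop optional TTL and class
        if len(rest) >= 2 and rest[0].upper() not in SKIP:
            rrsets.setdefault((owner, rest[0].upper()), set()).add(" ".join(rest[1:]))
    return rrsets

def plan(public, local, server="ns-local.example.net", ttl=3600):
    """Return (nsupdate_lines, conflicts); `server` is a hypothetical local master."""
    adds, conflicts = [], []
    for owner, rtype in sorted(public):
        want, have = public[(owner, rtype)], local.get((owner, rtype), set())
        if have - want:                          # local data would shadow the public host
            conflicts.append((owner, rtype, sorted(have), sorted(want)))
            continue
        adds += [f"update add {owner} {ttl} IN {rtype} {r}" for r in sorted(want - have)]
    script = [f"server {server}", f"zone {ZONE}", *adds, "send"] if adds else []
    return script, conflicts

if __name__ == "__main__":
    script, conflicts = plan(parse(PUBLIC), parse(LOCAL))
    print("\n".join(script))
    for c in conflicts:
        print("CONFLICT (left untouched):", c)
```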


