3rd view or mulithomed or another way?
kcd at daimlerchrysler.com
Wed Jun 29 00:22:21 UTC 2005
Seems to me the only way to meet your requirements, as you have stated
them, i.e. completely different RRsets handed out to different sets of
clients, is to set up a special view (in fact, that's pretty much the
*definition* of a BIND "view"). If you were willing to be a little more
flexible with your requirements (e.g. using a firewall, IDS and/or
routing filter instead of DNS to protect the 3rd subnet from unwanted
traffic), then you could probably get away with using a sortlist instead
of having to define a whole view just for the one machine.
P.S. Surely you meant "change their mail server name" instead of "change
their mail server IPs", since if the clients on the new subnet are using
hard-coded IP addresses for their mail server you can't use DNS to
direct them to a new IP address regardless of how you slice it. By the
way, can't you use some sort of magical whizbang Wintel junk (Group
Policy Objects?) to get all of those clients to use a new mail server,
without having to touch each box individually? I thought Wintel was
getting better in that regard...
Jim Pazarena wrote:
>I have two slaves being updated each with two views all from one
>I now have a 3rd subnet, which has independent connectivity to the 'net,
>but I would like it to hit my mail server which is on a different subnet.
>I put a second ethernet card in the mail server, gave it an appropriate
>address for the 3rd subnet, and plugged it into the switch for the 3rd
>My problem is that if I dual-home the mail server DNS, then wouldn't the
>two subnet IPs be handed to everyone, and the outside world will (possibly)
>hit the 3rd subnet IP? I want this 3rd subnet to be as clean from
>traffic as possible. I know that I could create a 3rd view, but it's a
>lot of work
>for just one machine.
>I have about 80 windows machines on this 3rd subnet, and aside from
>all change their mail server IPs to match the new subnet which is far
>I can't figure out the least complicated way to accomplish this.
>Any suggestions would be appreciated.
More information about the bind-users