BIND9 views, shadow zones, and "hybrid" zones (based on query-source)

Barry Margolin barmar at alum.mit.edu
Fri May 13 00:54:14 UTC 2005


In article <d60cr3$1ugs$1 at sf1.isc.org>,
 Nathan Benson <tuxtattoo at gmail.com> wrote:

> i've gotten myself into a fairly major DNS reorg and have run into a
> problem i can't seem to find a reasonable solution to.  the whole
> point of the reorg was to consolidate the zones onto a single master
> (responsible for internal and external zones using views) which in
> turn updated the slaves.
> 
> anyway, to get to the issue at hand.  i have a bind9 server configured
> with views to serve up a single zone (say domain.com) which is split
> into two files, one for internal and one for external.  this is all
> working beautifully and as expected.  i also have slave servers in the
> remote offices described below.
> 
> my problem is two remote offices that need to resolve both internal
> and external IP's for the same zone.  as simply as possible, they need
> to resolve mail.domain.com to the external (DMZ) IP rather than the
> internal (VPN) IP.  but, if the host that they are trying to resolve
> doesn't exist in the external zone, it needs to fall back to look it
> up in the internal zone (such as an internal web server, etc).

Configure one of the remote office servers as a master for the zone 
"mail.domain.com", and configure the other remote office servers as 
slaves for this zone.  Put the external IP in the zone file.

This will override the record for mail.domain.com that comes over in the 
zone transfer from the main office master.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
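
The override described in the reply above, sketched as an added example that is not part of the original post or of anyone's real configuration. The server addresses, file paths, serial number and the name ns.remote1.domain.com are assumptions, and 192.0.2.25 is a placeholder for the external (DMZ) address.

```bind
// named.conf on the remote office server chosen as master for the override
// zone. All addresses, paths and host names here are constructed examples.
options {
    directory "/var/named";
};

// Slave copy of the full internal zone, transferred from the main office.
zone "domain.com" {
    type slave;
    masters { 10.0.0.1; };            // main office master (assumed address)
    file "slaves/db.domain.com";
};

// Local override. named answers from the most specific zone it is
// authoritative for, so this zone takes precedence over the slaved
// domain.com data for mail.domain.com and every name beneath it.
zone "mail.domain.com" {
    type master;
    file "db.mail.domain.com";
    allow-transfer { 10.2.0.53; };    // other remote office server (assumed)
    also-notify { 10.2.0.53; };
};

/* Contents of /var/named/db.mail.domain.com (zone file syntax):

$TTL 3600
@   IN SOA ns.remote1.domain.com. hostmaster.domain.com. (
            2005051301 ; serial (constructed)
            3600       ; refresh
            900        ; retry
            604800     ; expire
            3600 )     ; negative-caching TTL
    IN NS   ns.remote1.domain.com.   ; hypothetical name of this server
    IN A    192.0.2.25               ; external (DMZ) address, placeholder
*/

// On the other remote office server, the same zone as a slave:
// zone "mail.domain.com" {
//     type slave;
//     masters { 10.1.0.53; };        // the remote office master above (assumed)
//     file "slaves/db.mail.domain.com";
// };
```

Because the override zone is authoritative for everything at and below mail.domain.com, any other records the parent zone holds at that name (an MX record, for instance) are no longer served from the transferred data and have to be repeated in this zone file if the remote offices need them.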


