problem with views

Joseph S D Yao jsdy at center.osis.gov
Wed Mar 1 23:08:35 UTC 2006 

On Wed, Mar 01, 2006 at 05:36:35PM +0100, Tom Schmitt wrote:
> 
> Hi,
> 
> I have a problem with configuring views on Bind 9.3.2 in the correct way.
> 
> The situation:
> I run a Bind 9.3.2 which is secondary for a specific zone. Most clients
> should ask the server and getting the correct response. (This part is
> working)
> 
> Now I have a networks with other clients who should get other answers for
> the same request. At a first look: The classic task for different views.
> 
> But there is a problem I cannot solve:
> Theses new clients should only get for a few hundred DNS-Records in the zone
> a different response. For all other records they should get the normal
> correct response.
> When I now write a second Zonefile with the different entries for the new
> view, how can I get the following changes in the original Zone in the future
> to the new view?
> The Primary do not know about the new view. He sends only updates for the
> normal zone. How couldt I integrate these in the new view? And how could I
> avoid a change of one of the records I have changed manually for the new
> view?

The server with the master copies of this zone must know about the new
view for this to propagate properly.  The views must have the same name
- however, they don't need to have the same ACLs on both servers
[although I would find this confusing].

You can have a base zone file with the IP addresses that are the same on
both, and then two view-specific zone files that include the base zone
file and go on to add the view-specific entries.

On the server whose copies of the zone are slaved to this master, you
will need to do something like what Cricket Liu described in
<http://www.oreillynet.com/pub/a/oreilly/networking/news/views_0501.html>.

Warning: I find that some servers that are slaving their two copies of
the same zone [in two different views] don't always acknowledge
"notifies" for both views.  One view of the zone has to expire and be
re-read, just like in pre-notify days.

-- 
Joe Yao
-----------------------------------------------------------------------
   This message is not an official statement of OSIS Center policies.

More information about the bind-users mailing list