different internal and external views of a zone

Merton Campbell Crockett m.c.crockett at adelphia.net
Tue May 16 14:39:34 UTC 2006


On 15 May 2006, at 21:17 , Karl Auer wrote:

> Hi Merton.
>
>> We're not concerned about the private addresses.
>
> Um, but *I* am! Very.


Karl:

My MUA had an "Oops" last night and transmitted a message that I was
editing instead of just leaving it in the "Draft" folder.  I think
Apple's latest security update has introduced a faux pas.  Sorry
about that.

The point that I was attempting to make when rudely interrupted was  
that I wouldn't anticipate any changes to how you handle private  
addresses.

A second point that I didn't get around to is that I use multiple
instances of BIND instead of "views".  I could never find a way to
get "views" to do exactly what I wanted.  I assume that the support
for "views" has improved but I have not gotten around to seeing if it
does what I want now.


>> The DHCP Server doesn't know whether an IP address is public or
>> private.  All it knows is that the addresses are from different IP
>> address pools.  For each pool you define the zones that need to be
>> updated and the name server that is the master for each.
>
> And that, right there, is the problem. The DHCP server can only update
> one server for any given name or address. The problem with some names is
> that they need to be visible to internal AND external users, so need to
> be in TWO places.
>
> I'll pose my question more succinctly:
>
> - we have a situation where some names in a domain need to be only
> internally visible, and some need to be both internally and externally
> visible.
>
> - there is a problem with DHCP and names that need to be internally and
> externally visible, because the DHCP server can update only one view per
> name.
>
> - is there a solution?


DHCP used to allow you to invoke external scripts on "commit" and  
"expiry".  This would allow you to update a second set of zones.   
This is what I was thinking about.  You might want to look at "The  
DHCP Handbook" by Droms and Lemon.


> This is the kind of situation I mean:
>
> domain.com, external view, contains:
>
>    foo.domain.com 1000 in a 129.132.1.1
>
> domain.com, internal view, contains:
>
>    foo.domain.com 1000 in a 129.132.1.1
>    bar.domain.com 2000 in a 192.168.2.2
>
> Now imagine a DHCP server needs to register snafu.domain.com. To be
> visible to our internal users, snafu has to be registered in the
> internal view, like foo is. To be visible to our external users, it must
> also be registered in the external view - like foo is. How do we get
> snafu into both views?
>
> We can't use secondarying, because that puts the same data in both
> views.

As I don't use "views", I don't know if they are static or dynamic or  
whether a system can appear in multiple views.


Merton Campbell Crockett
m.c.crockett at adelphia.net
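
The commit/expiry script approach mentioned in the message above, sketched as an added example that is not part of the original post and not code from either correspondent. It assumes the DHCP server's hook passes the event, the name and the address as arguments; the two server addresses and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: the two server
# addresses, the argument order, and that both servers accept the same key.
INTERNAL_NS="192.0.2.53"     # hypothetical master for the internal copy
EXTERNAL_NS="198.51.100.53"  # hypothetical master for the external copy
ZONE="domain.com"
TTL=1000

# Client-supplied hostnames are untrusted: allow only hostname characters
# inside our zone, so a name cannot smuggle extra nsupdate commands.
valid_name() {
    case "$1" in
        ""|*[!A-Za-z0-9.-]*) return 1 ;;
        *."$ZONE") return 0 ;;
        *) return 1 ;;
    esac
}

# RFC 1918 addresses must never be published in the external copy.
is_private() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Emit one nsupdate batch: $1=server $2=commit|expiry $3=fqdn $4=address
batch() {
    printf 'server %s\nzone %s\nupdate delete %s A\n' "$1" "$ZONE" "$3"
    if [ "$2" = commit ]; then
        printf 'update add %s %s A %s\n' "$3" "$TTL" "$4"
    fi
    printf 'send\n'
}

# Build every batch needed for one lease event: $1=event $2=fqdn $3=address
plan() {
    valid_name "$2" || return 1
    case "$3" in ""|*[!0-9.]*) return 1 ;; esac
    batch "$INTERNAL_NS" "$1" "$2" "$3"
    if ! is_private "$3"; then
        batch "$EXTERNAL_NS" "$1" "$2" "$3"
    fi
}

# When run with arguments, print the batches; pipe them to: nsupdate -k <keyfile>
if [ "$#" -eq 3 ]; then plan "$1" "$2" "$3"; fi
```

A public address such as snafu's is written to both copies of the zone, a private one such as bar's only to the internal copy, and an expiry removes the record from wherever it was added.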
