different internal and external views of a zone
Merton Campbell Crockett
m.c.crockett at adelphia.net
Tue May 16 14:39:34 UTC 2006
On 15 May 2006, at 21:17 , Karl Auer wrote:
> Hi Merton.
>
>> We're not concerned about the private addresses.
>
> Um, but *I* am! Very.

Karl:

My MUA had an "Oops" last night and transmitted a message that I was
editing instead of just leaving it in the "Draft" folder. I think
Apple's latest security update has introduced a faux pas. Sorry
about that.

The point that I was attempting to make when rudely interrupted was
that I wouldn't anticipate any changes to how you handle private
addresses.

A second point that I didn't get around to is that I use multiple
instances of BIND instead of "views". I could never find a way to
get "views" to do exactly what I wanted. I assume that the support
for "views" has improved but I have not gotten around to seeing if it
does what I want now.

>> The DHCP Server doesn't know whether an IP address is public or
>> private. All it knows is that the addresses are from different IP
>> address pools. For each pool you define the zones that need to be
>> updated and the name server that is the master for each.
>
> And that, right there, is the problem. The DHCP server can only update
> one server for any given name or address. The problem with some names
> is that they need to be visible to internal AND external users, so
> need to be in TWO places.
>
> I'll pose my question more succinctly:
>
> - we have a situation where some names in a domain need to be only
> internally visible, and some need to be both internally and externally
> visible.
>
> - there is a problem with DHCP and names that need to be internally
> and externally visible, because the DHCP server can update only one
> view per name.
>
> - is there a solution?

DHCP used to allow you to invoke external scripts on "commit" and
"expiry". This would allow you to update a second set of zones.
This is what I was thinking about. You might want to look at "The
DHCP Handbook" by Droms and Lemon.

> This is the kind of situation I mean:
>
> domain.com, external view, contains:
>
> foo.domain.com 1000 in a 129.132.1.1
>
> domain.com, internal view, contains:
>
> foo.domain.com 1000 in a 129.132.1.1
> bar.domain.com 2000 in a 192.168.2.2
>
> Now imagine a DHCP server needs to register snafu.domain.com. To be
> visible to our internal users, snafu has to be registered in the
> internal view, like foo is. To be visible to our external users, it
> must also be registered in the external view - like foo is. How do we
> get snafu into both views?
>
> We can't use secondarying, because that puts the same data in both
> views.

As I don't use "views", I don't know if they are static or dynamic or
whether a system can appear in multiple views.

Merton Campbell Crockett
m.c.crockett at adelphia.net
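
The "commit"/"expiry" script approach mentioned above, sketched as an added example that is not part of the original message or of any project's code: a hook that builds nsupdate batches for two separate masters and keeps private addresses out of the external copy. The master addresses, the argument order (action, host label, IP) and the rule that only RFC 1918 addresses are internal-only are assumptions.

```shell
#!/bin/sh
# Added example: DHCP commit/expiry hook that mirrors one name to two masters.
INTERNAL_MASTER="192.0.2.53"     # constructed placeholder address
EXTERNAL_MASTER="198.51.100.53"  # constructed placeholder address
ZONE="domain.com"                # zone name used in the thread
TTL=1000

# The host name is supplied by the DHCP client: accept one LDH label only.
valid_label() {
    case "$1" in
        ""|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Strict dotted quad, so nothing else can reach the nsupdate batch.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ""|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# RFC 1918 space (assumed policy: these stay out of the external zone).
is_private() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Print one nsupdate batch. Arguments: action (add|delete), server, fqdn, ip.
build_batch() {
    printf 'server %s\nzone %s\nupdate delete %s. A\n' "$2" "$ZONE" "$3"
    if [ "$1" = add ]; then printf 'update add %s. %s A %s\n' "$3" "$TTL" "$4"; fi
    printf 'send\n'
}

# Emit a batch for each master that should carry the name.
plan_updates() {
    valid_label "$2" && valid_ipv4 "$3" || return 1
    build_batch "$1" "$INTERNAL_MASTER" "$2.$ZONE" "$3"
    if ! is_private "$3"; then
        build_batch "$1" "$EXTERNAL_MASTER" "$2.$ZONE" "$3"
    fi
}

if [ "$#" -eq 3 ]; then plan_updates "$@"; fi
```

Each batch would be fed to `nsupdate -k <keyfile>` with the TSIG key for that master; the script only prints the batches so the plan can be inspected first.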