expected view behavior

Dixon, Justin Justin.Dixon at BBandT.com
Tue Feb 13 21:06:38 UTC 2007


> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On Behalf Of Andre Gerhard
> Sent: Tuesday, February 13, 2007 15:43
> To: bind-users at isc.org
> Subject: expected view behavior
> 
> 
> Hello,
> 
> 
> My configuration is as follows.
> I have two views defined, in a split-dns way.
> 
> Part of named.conf, from machine viewserver.mydomain.com,
> IPs are sanitized:
> 
> 
> acl clients {
>         localhost;
>         192.0.2.64/26;
>         192.0.2.192/28;
> };
> 
> view "internal" {
>         match-clients { clients; };
>         recursion yes;
> 
>         //hint, localhost zones etc defined here
> };
> 
> view "external" {
>         match-clients { any; };
>         recursion no;
> 
>         zone "subdomain.mydomain.com" {
>                type master;
>                file "subdomain.db";
>         };
> };
> 
> 
> Also, we have another server, that defines the domain mydomain.com.
> 
> In this server, I delegate the subdomain.mydomain.com to the server
> that has these views defined by doing:
> 
> subdomain.mydomain.com.    IN    NS    viewserver.mydomain.com.
> 
> Both servers are located in the internal network.
> 
> 
> Then, in the example.db above, I have an A record, say:
> mymachine.subdomain.domain.com.   IN  A  192.0.2.65
> 
> So mymachine is also located in the internal network.
> 
> 
> Outside the network defined by the ACL, I am able to resolve the
> external name mymachine.subdomain.domain.com.
> 
> But the problem is that if I am inside the network (from machines that
> are in the acl clients), I receive a SERVFAIL response.
> 
> Is this the correct behavior?
> 
> Why could I not resolve the external name if I am located in the
> internal network?
> 
> To make things work, must I define the zone in the external *and*
> in the internal view?
> 
> 
> Sincerely,
> Andre Gerhard
> Universidade de Sao Paulo

If you have common zones that need to be available to both internal and
external users with the same data, you will need to define the zones in
both views so that they will be available.

Justin Dixon
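
The arrangement described in this reply, as an added example that is not part of the original thread: the poster's named.conf excerpt with the zone declared in both views and both declarations loading the same file. It assumes the zone is static (not dynamically updated), so sharing one file between the views is safe.

```conf
acl clients {
        localhost;
        192.0.2.64/26;
        192.0.2.192/28;
};

view "internal" {
        match-clients { clients; };
        recursion yes;

        // hint, localhost zones etc. defined here

        // Added: the same zone and file as in the external view, so that
        // clients matching the "clients" ACL get an authoritative answer
        // from this view.
        zone "subdomain.mydomain.com" {
                type master;
                file "subdomain.db";
        };
};

view "external" {
        match-clients { any; };
        recursion no;

        zone "subdomain.mydomain.com" {
                type master;
                file "subdomain.db";
        };
};
```

On BIND 9.10 and later, the second declaration can instead use `in-view` to reference the zone already loaded in the other view, which avoids loading the file twice.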


