bind views and AXFR
Kevin Darcy
kcd at chrysler.com
Wed Aug 20 22:20:59 UTC 2008
The master selects the view for refresh queries and zone transfer
requests the same way -- match-clients, match-destinations -- that it
selects the view for ordinary queries.
If you don't want to mess around with multi-homed addresses on your
master and/or your slaves (e.g. transfer-source), you may need to
implement view-selection via TSIG key, which is probably a good thing to
do anyway, from a security standpoint.
- Kevin
Petersen, Kirsten J - NET wrote:
> I may already know the answer to this, but I'm looking for some
> confirmation. Is it not possible to do bind views via a slave server?
> In other words, does AXFR just transfer the view that the slave can see
> and nothing more?
>
> We have an in-house application that we use to build our dns configs.
> I'd like to be able to build to a master server and then have the slaves
> do AXFR to get updates from it. The alternative is to push new zone
> files out to the name servers directly and do reloads all the time,
> which seems more dangerous. In the first scenario, if we do something
> that causes named on the master to fail to start, at least the slaves
> will still be answering queries.
>
> However, we were also hoping to implement views so that we can hide dns
> for our private address space from the world. But I'm thinking now that
> I can't do both of these things.
>
> Suggestions welcome. :)
>
> ________________
> Kirsten Petersen
> Network Services * Oregon State University
> http://oregonstate.edu/net * irc.oregonstate.edu #osu-is
> "Paper doesn't grow on trees."
>
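A sketch of the TSIG-keyed view selection suggested in the reply above, added here as an example and not taken from the thread or from either poster's configuration. The view names, key names, zone name, file paths, addresses and secrets are all constructed placeholders.

```conf
# --- master named.conf (192.0.2.1, constructed address) ---
key "internal-xfer" { algorithm hmac-sha256; secret "PLACEHOLDER_BASE64_SECRET_A"; };
key "external-xfer" { algorithm hmac-sha256; secret "PLACEHOLDER_BASE64_SECRET_B"; };

view "internal" {
    // A request signed with the external key must never land here, even
    // when it comes from an internal address, so exclude it first.
    match-clients { !key "external-xfer"; key "internal-xfer"; 10.0.0.0/8; };
    allow-transfer { key "internal-xfer"; };
    zone "example.com" { type master; file "internal/example.com.db"; };
};

view "external" {
    match-clients { key "external-xfer"; any; };
    allow-transfer { key "external-xfer"; };
    zone "example.com" { type master; file "external/example.com.db"; };
};

# --- slave named.conf (same two key statements as above) ---
view "internal" {
    match-clients { !key "external-xfer"; key "internal-xfer"; 10.0.0.0/8; };
    zone "example.com" {
        type slave;
        // Signing with the internal key selects the master's internal view.
        masters { 192.0.2.1 key "internal-xfer"; };
        file "slaves/internal/example.com.db";
    };
};

view "external" {
    match-clients { key "external-xfer"; any; };
    zone "example.com" {
        type slave;
        masters { 192.0.2.1 key "external-xfer"; };
        file "slaves/external/example.com.db";
    };
};
```

With this layout an unsigned transfer request still matches a view by source address but is refused by `allow-transfer`, so the private zone data leaves the master only under the internal key.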