Specifying a view for dig?

Barry Margolin barmar at alum.mit.edu
Sat Feb 9 05:08:49 UTC 2008


In article <foh39t$15cb$1 at sf1.isc.org>,
 Michael Rasmussen <mikeraz at patch.com> wrote:

> I'd like to specify a particular view for dig so that from an internal client 
> I can do something like
> 
>   for s in secondary1.example.com secondary.example.net myserver.mydomain.org
>   do  
>       echo -n "$s  "
>       dig @$s questionalably_syncddomain.net  SOA | egrep "^q.*SOA" 
>   done
> 
> Giving myself no mental breakdown room to compare the results.
> 
> This is presuming the source IP of the digging client is in a separate view 
> between mydomain.org and the other two.
> 
> The dig manpage has nothing on view.
> A web search for terms including dig and view returns too much irrelevant 
> stuff.
> 
> Is it possible?

Would you really want it to be possible?

If a client could specify which view to use, it would allow external 
clients to look at your internal view, even though they don't match the 
ACL in the view.  Most organizations use views as a way to protect their 
internal DNS, and this would make that protection nonexistent.

I suppose that there could be another ACL that specifies who is allowed 
to override the view's match-XXX criteria.

But as others have said, there's nothing about views in the DNS 
protocol, it's just a decision made by the server using the match-XXX 
criteria.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
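
Added example, not part of the original post: a simplified Python model of
the server-side view selection described above, where the first view whose
match criteria fit the query's source and destination address wins. The view
names, address ranges and the select_view helper are constructed for
illustration and are not BIND code.

```python
# Simplified model of view selection on a name server that uses views.
# Assumption: only match-clients and match-destinations are modelled.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = ("0.0.0.0/0", "::/0")  # both match lists default to "any"


@dataclass
class View:
    name: str
    match_clients: tuple = ANY       # tested against the query's source address
    match_destinations: tuple = ANY  # tested against the address the query arrived on


def _in_list(addr, cidrs):
    """True if addr falls inside any network of the list."""
    ip = ip_address(addr)
    return any(ip in ip_network(c) for c in cidrs)


def select_view(views, src, dst):
    """Return the first view, in configuration order, whose criteria all match.

    The inputs are properties of the packet only. Nothing in the question
    section of the query takes part, so a client cannot name a view.
    """
    for v in views:
        if _in_list(src, v.match_clients) and _in_list(dst, v.match_destinations):
            return v.name
    return None  # no view matched


# Constructed configuration: internal ranges first, catch-all view last.
VIEWS = [
    View("internal", match_clients=("10.0.0.0/8", "192.168.0.0/16")),
    View("external"),
]

if __name__ == "__main__":
    for src in ("10.1.2.3", "203.0.113.7", "2001:db8::1"):
        print(src, "->", select_view(VIEWS, src, "192.0.2.53"))
```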



More information about the bind-users mailing list