transfer with views

Gary Wallis wgg1970 at
Sat Jan 1 15:15:28 UTC 2011

Alan Clegg wrote:
>> Given choices, I think I'm in agreement with you:  I'd chose to not do
>> views.
>> Based on the posts here, the OP is going to do views.  The best thing to
>> do is provide the best method of replicating those views to the machines
>> that are providing slave services without using external applications.
>> If it were me and I had no other choice than to use views, I'd get into
>> the system and re-wire everything using BIND 9.7.2 and write a set of
>> scripts that used "rndc addzone" and "rndc delzone" to control the
>> master and all of the slaves, configure TSIG keys to manage zone
>> transfers between hosts, etc.
>>> Cheers!
>> and Happy New Year!
>> May 2011 be the best one before we all perish in the fires of whatever
>> is going to happen in 2012!  :)
>> AlanC
> Much thanks! I will look into the TSIG key method for view transfers, 
> and see if the very conservative (but that I am stuck with) CentOS BIND
> version supports it.
> Cheers!
> Gary
> _______________________________________________
> bind-users mailing list
> bind-users at

Found it in a Mark Andrews post:

Main snippet:

"The general and robust solution is:

         acl allviewkeys { key A; key B; key C; key D; };
         match-clients { key A; !allviewkeys; subnet A; }
         match-clients { key B; !allviewkeys; subnet B; }
         match-clients { key C; !allviewkeys; subnet C; }
         match-clients { key D; !allviewkeys; subnet D; }

This is easily expandable to many views without having to touch
each view when a new view is added.  The order of the match-clients
acl is important."


More information about the bind-users mailing list