Several (>2) different views [SOLVED]

Rodrigo Renie Braga rodrigorenie at gmail.com
Tue Jul 3 19:21:53 UTC 2012


Just giving some feedback: this method worked great, but in my case I didn't
have to negate the keys in the ACL (like the example below). I created one
key for each ACL in my configuration and used that ACL for the
"match-clients" directive in the view.

So, when the slave tried to sync the zone, it matched the key, not the IP
address; that way every zone was synced correctly.

Thanks for your help!

2012/6/15 Niall O'Reilly <Niall.oReilly at ucd.ie>

>
> On 15 Jun 2012, at 01:14, Rodrigo Renie Braga wrote:
>
> > I've been trying to find examples on how to use TSIG to replicate
> > several different views to a slave server, but I could only find one with
> > two views, and I just couldn't figure out how to adapt that example to 3
> > or more views.
> >
> > Could you send me an example on how to accomplish that?
>
>         Something like what follows below may be what you need.
>         This supports 3 views, keyed on TSIG or by default on
>         client address.  For more views, no new ideas are needed.
>
> include "/etc/select-tsig.keys";        // keep keys in protected file
>
> acl captive-clients {
>   // Purpose: triage for "captive" view
>   key select-captive.ucd.ie.;           // select on this key
>   ! key select-internal.ucd.ie.;        // by-pass
>   ! key select-general.ucd.ie.;         // by-pass
>
>   10.137.0.0/16;                        // Target networks
>   10.193.128.0/19;
>   10.193.160.0/20;
> };
>
> acl internal-clients {
>   // Purpose: triage for "internal" view
>   key select-internal.ucd.ie.;          // select on this key
>   ! key select-captive.ucd.ie.;         // by-pass (redundant)
>   ! key select-general.ucd.ie.;         // by-pass
>   localhost;
>
>   172.16.0.0/16;                        // Special networks
>   10.224.0.0/16;
> };
>
> // Clients not otherwise selected are offered "general" view
>
> // special-purpose view: 'captive'
> view "captive" {
>
>   match-clients { captive-clients; };
>
>   // view details go here ...
>
> };                                      // End view "captive"
>
> view "internal" {
>
>   match-clients { internal-clients; };
>
>   // view details go here ...
>
> };
>
> // standard view: 'general'
> view "general" {
>
>   match-clients { any; };
>
>   // view details go here ...
>
> };
>
>         I hope this helps.
>
>         Niall O'Reilly
>
>
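
Why the `! key` by-pass lines matter, as an added example that is not part of either post and is not BIND code: a simplified Python model of first-match view selection, using the key names and networks from the quoted configuration. The source addresses are constructed, `localhost` is left out, and treating the variant without negation as the quoted ACLs minus their `! key` lines is an assumption.

```python
import ipaddress

def matches(elem, src, key):
    """True if one address-match-list element matches the request."""
    kind, value = elem
    if kind == "key":                      # request was TSIG-signed with this key
        return key == value
    if kind == "any":
        return True
    return ipaddress.ip_address(src) in ipaddress.ip_network(value)

def select_view(views, src, key=None):
    """Views are tried in order; the first matching match-clients element decides."""
    for name, acl in views:
        for negated, elem in acl:
            if matches(elem, src, key):
                if not negated:
                    return name
                break                      # "!" element matched: view rejects, try the next
    return None

CAP, INT, GEN = "select-captive.ucd.ie.", "select-internal.ucd.ie.", "select-general.ucd.ie."
CAPTIVE_NETS = [(False, ("net", n)) for n in ("10.137.0.0/16", "10.193.128.0/19", "10.193.160.0/20")]
INTERNAL_NETS = [(False, ("net", n)) for n in ("172.16.0.0/16", "10.224.0.0/16")]  # "localhost" omitted

def build(with_bypass):
    """The quoted ACLs, with or without their "! key" by-pass lines."""
    def acl(own, others, nets):
        bypass = [(True, ("key", k)) for k in others] if with_bypass else []
        return [(False, ("key", own))] + bypass + nets
    return [("captive", acl(CAP, [INT, GEN], CAPTIVE_NETS)),
            ("internal", acl(INT, [CAP, GEN], INTERNAL_NETS)),
            ("general", [(False, ("any", None))])]

if __name__ == "__main__":
    # Constructed requests: (source address, TSIG key or None)
    requests = [("192.0.2.53", INT), ("192.0.2.53", GEN), ("10.137.0.53", GEN), ("172.16.9.9", None)]
    for src, key in requests:
        print(src, key, "->", select_view(build(True), src, key),
              "/", select_view(build(False), src, key))
```

A secondary whose own address lies outside every listed network lands in the intended view either way. One located inside 10.137.0.0/16 and signing with the general key is served the captive view unless the by-pass lines are present.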