One zone in 2 views
Evan Hunt
each at isc.org
Thu Sep 26 16:04:27 UTC 2013
On Thu, Sep 26, 2013 at 04:25:54PM +0100, Phil Mayers wrote:
> Interesting; static zones only, or dynamic ones too?
Both should work. Thanks for asking the question, I'll pay closer
attention to dynamic zones as a test scenario when I get back to
this.
(It occurs to me as I type that there could be some unexpected effects
if you don't set the ACLs consistently. Say you have a view with
"allow-query { any; };", and it references a zone living in a view with
"allow-query { localnets; };". The zone would've inherited the options
from its containing view, so it would only allow queries from localnets,
even when reached via the other view. And if you're doing this with a
dynamic zone you'll want to be careful that update-policy is set the way
you really want and you're not relying on match-clients for security.)
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-users
mailing list