internal/external view problem
Per olof Ljungmark
peo at intersonic.se
Wed Dec 14 18:52:58 UTC 2016
Hi list,
I am facing a problem with internal/external views; I will do my best to
describe it:
An internal host needs to nsupdate an external view using a key, but
cannot because it is part of the internal ip range, at least that is
what I think.
The actual use is for Letsencrypt certs.
Is there a way to do this with views or should I use another form of
access control? The host sending the update needs to be part of
"internals" to be able to lookup general names of course.
I suppose I could use allow-query and others instead?
acl internals {
    192.168.1.0/24;
};
view "internal" {
    recursion yes;
    zone "internal.example.com" {
        type slave;
        file "slave/db.internal.example.com";
        masters {
            192.168.1.1;
        };
    };
};
view "external" {
    match-clients { any; };
    recursion no;
    allow-transfer { slaves; };
    zone "example.com" {
        type master;
        file "dynamic/db.example.com";
        allow-update {
            key rndc-key;
        };
    };
};
Thanks,
//per
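
An added example, not part of the original post: one way to let a TSIG-signed update from an internal address reach the external view is to match on the key in match-clients. It assumes the internal view selects clients with the "internals" ACL and that the key named rndc-key in the post is defined elsewhere in named.conf.

```conf
# Added example, not the poster's configuration. Assumes the TSIG key
# "rndc-key" from the post is defined elsewhere with a key { } statement.
acl internals {
    192.168.1.0/24;
};

view "internal" {
    # Views are tried in order and the first match wins. Negating the key
    # first makes requests signed with it skip this view, even when they
    # come from 192.168.1.0/24; unsigned internal queries still match.
    match-clients { !key rndc-key; internals; };
    recursion yes;

    zone "internal.example.com" {
        type slave;
        file "slave/db.internal.example.com";
        masters { 192.168.1.1; };
    };
};

view "external" {
    # Everything not claimed above lands here, including the signed update.
    match-clients { any; };
    recursion no;

    zone "example.com" {
        type master;
        file "dynamic/db.example.com";
        allow-update { key rndc-key; };
    };
};
```

Only requests carrying this key's TSIG signature are steered to the external view, so the same host's ordinary lookups still resolve through the internal view. A key dedicated to these updates, rather than one shared with other tooling, keeps the set of requests that can cross views small.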