internal/external view problem

Per olof Ljungmark peo at
Wed Dec 14 18:52:58 UTC 2016

Hi list,

I am facing a problem internal/external views, I will do my best to
describe it:

An internal host needs to nsupdate an external view using a key, but
cannot because it is part of the internal ip range, at least that is
what I think.

The acutal use is for Letsencrypt certs.

Is there a way do this witjh views or should I use another form of
access control? The host sending the update needs to be part of
"internals" to be able to lookup general names of course.

I suppose I could use allow-query and others instead?

acl internals {;

view "internal" {
    zone "" {
    recursion yes;
    type slave;
    file "slave/";
    masters {

view "external" {
    match-clients { any; };
    recursion no;
    allow-transfer { slaves; };
    zone "" {
    type master;
    file "dynamic/";
    allow-update    {
                     key rndc-key;



More information about the bind-users mailing list