view problem

RAM MOHAN, Hari Ganesh hari.rammohan at atos.net
Tue Oct 18 09:28:15 UTC 2016


Pol,

If your master server itself is providing DNS service to clients, then you may try something like this (else you may use the same order and forwarder on your slave servers):

// vpn
view "vpn" {
        match-clients { acl1; };
        forward only;
        forwarders { 127.0.0.1; };
        zone "vpn_zone" {
                type master;
                file "/etc/bind/zones/vpn.db";
        };

};

// zone1
view "internal_lan" {
        match-clients { acl1; acl2; };
        include "/etc/bind/named.conf.default-zones";

        zone "zone1" {
                type master;
                file "/etc/bind/zones/zone1.db";
        };

};

Thanks & Regards,

Hari Ganesh Ram Mohan

From: Sten Carlsen [mailto:stenc at s-carlsen.dk]
Sent: Tuesday, October 18, 2016 2:37 PM
To: RAM MOHAN, Hari Ganesh
Cc: max at fuckaround.org; bind-users at lists.isc.org
Subject: Re: view problem

Please be aware that only one view is visible for any client. You have acl1 in both views, indicating that you assume a host in acl1 can get info from both views - this is not possible. The list is searched from the top of the file and the first match, only the first, will be the DNS service available to the client.



-- Best regards

Sten Carlsen

No improvements come from shouting:

"MALE BOVINE MANURE!!!"





On 18 Oct 2016, at 10.28, RAM MOHAN, Hari Ganesh <hari.rammohan at atos.net> wrote:
The view concept works in order; as you have the internal_lan view first, acl1 users are falling into this view and are not able to find vpn_zone.

You may try swapping the order:

// vpn
view "vpn" {
        match-clients { acl1; };

        zone "vpn_zone" {
                type master;
                file "/etc/bind/zones/vpn.db";
        };

};

// zone1
view "internal_lan" {
        match-clients { acl1; acl2; };
        include "/etc/bind/named.conf.default-zones";

        zone "zone1" {
                type master;
                file "/etc/bind/zones/zone1.db";
        };

};

Thanks & Regards,

Hari Ganesh Ram Mohan


-----Original Message-----
From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Pol Hallen
Sent: Tuesday, October 18, 2016 1:21 PM
To: bind-users at lists.isc.org
Subject: view problem

Hi all :-)

I have two zones: zone1 is an internal zone, and another zone: vpn.

I need acl1 to "see" the internal vpn zone; the problem is that acl1 "sees" the vpn zone as an external zone because this zone is an FQDN, while it should see vpn as vpn.db.

192.168.1.0/24 are clients with also openvpn clients, while
192.168.2.0/24 are not vpn clients.

sorry but I can't simplify :-/

acl acl1 { 192.168.1.0/24; };
acl acl2 { 192.168.2.0/24; };

// zone1
view "internal_lan" {
        match-clients { acl1; acl2; };
        include "/etc/bind/named.conf.default-zones";

        zone "zone1" {
                type master;
                file "/etc/bind/zones/zone1.db";
        };
};

// vpn
view "vpn" {
        match-clients { acl1; };

        zone "vpn_zone" {
                type master;
                file "/etc/bind/zones/vpn.db";
        };

};


Pol
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
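
The first-match rule discussed in this thread, as an added example (not part of any poster's message and not BIND code): a small Python model of match-clients selection using the thread's ACLs and view names. The SPLIT layout and its view names are hypothetical, and the shadow check is simplified to compare each network against single earlier networks only.

```python
import ipaddress

# ACLs as posted in the thread
ACLS = {"acl1": ["192.168.1.0/24"], "acl2": ["192.168.2.0/24"]}

# Each view: (name, match-clients ACL names, zones served), in file order
ORIGINAL = [("internal_lan", ["acl1", "acl2"], ["zone1"]),
            ("vpn", ["acl1"], ["vpn_zone"])]
SWAPPED = [("vpn", ["acl1"], ["vpn_zone"]),
           ("internal_lan", ["acl1", "acl2"], ["zone1"])]
# Hypothetical layout: each client network appears in exactly one view
SPLIT = [("lan_with_vpn", ["acl1"], ["zone1", "vpn_zone"]),
         ("lan_only", ["acl2"], ["zone1"])]

def expand(match_clients, acls=ACLS):
    """Resolve ACL names to ip_network objects."""
    return [ipaddress.ip_network(n) for a in match_clients for n in acls[a]]

def select_view(views, client, acls=ACLS):
    """Return the first view (top of file first) matching the client, or None."""
    addr = ipaddress.ip_address(client)
    for name, match_clients, _zones in views:
        if any(addr in net for net in expand(match_clients, acls)):
            return name
    return None

def visible_zones(views, client, acls=ACLS):
    """Zones the client can be answered from: only those of its one view."""
    chosen = select_view(views, client, acls)
    return next((z for n, _m, z in views if n == chosen), [])

def shadowed_views(views, acls=ACLS):
    """Views that can never be selected because earlier views match first."""
    seen, dead = [], []
    for name, match_clients, _zones in views:
        nets = expand(match_clients, acls)
        if nets and all(any(n.subnet_of(e) for e in seen) for n in nets):
            dead.append(name)
        seen.extend(nets)
    return dead

if __name__ == "__main__":
    for label, views in (("original", ORIGINAL), ("swapped", SWAPPED),
                         ("split", SPLIT)):
        print(label, "shadowed:", shadowed_views(views))
        for client in ("192.168.1.10", "192.168.2.10"):  # constructed clients
            print("  ", client, "->", select_view(views, client),
                  visible_zones(views, client))
```
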