View directive problems

tman tony.barrett at roke.co.uk
Fri Mar 24 12:01:35 UTC 2017


We have an external named server (BIND
9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6) running on CentOS 6.

This server is authoritative for all the zones hosted on it (I’ll call it
mydomain.com). We have a new sub-domain (new.mydomain.com) where a different
DNS server is authoritative for the single zone. The DNS server (not BIND)
for new.mydomain.com is working OK, but I’m having trouble getting the BIND
servers in mydomain.com to forward requests to the DNS server in
new.mydomain.com.

We use the view directive in our main BIND servers to control internal and
external access to the zones. 

This is the declaration from our “internal” view

view "internal" {
        match-clients { "our-net"; };
        allow-query { "our-net"; };
        recursion yes;
        additional-from-auth yes;
        additional-from-cache yes;

        <zone files here>
};

This is the declaration from our “external” view

view "external" {
        match-clients { "any"; };
        allow-query { "any"; };
        recursion no;
        additional-from-auth no;
        additional-from-cache no;

        <zone files here>
};

“Internal” view is listed first in named.conf, followed by “external”. I
only want resolution for new.mydomain.com to work from the external view,
but we disable recursion in that zone for good reason. I’ve tried adding
new.mydomain.com as a zone to the “external” view with the ‘type forward’
and ‘forwarders’ set to the IP address of the other DNS server, but I think
the ‘recursion no’ setting in the external view is overriding this, as it
still doesn’t work.

I tried adding a new view “other” at the end of named.conf with ‘recursion
yes’, but initially this didn’t seem to work either. Out of curiosity, I
moved this new view above our “internal” view so it was processed first, and
then it worked. Initially, all looked good, but then it became apparent that
everything in the “external” view no longer resolved at all (everything was
denied). So, I’m aware that ‘views’ are processed in the order listed in
named.conf, but is there a limit on the number of ‘view’ directives, and if
not, why did the ‘other’ view only work when it was listed first?

I’ve been pulling my hair out on this one, and it just doesn’t make sense.

Thanks for any help
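
Added example, not part of the original post: BIND assigns each client to the first view in named.conf whose match-clients ACL matches it, so any view listed after one that matches "any" is never reached. The sketch below models the three orderings described above. The 10.0.0.0/8 range for "our-net", the client addresses, and match-clients "any" for the "other" view are assumptions, since the post shows none of them.

```python
import ipaddress

# Constructed ACL: the post never gives the addresses behind "our-net".
ACLS = {
    "our-net": [ipaddress.ip_network("10.0.0.0/8")],
    "any": [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")],
}

# match-clients per view. "internal" and "external" are taken from the post;
# "any" for "other" is an assumption, the post does not show that view.
VIEWS = {"internal": "our-net", "external": "any", "other": "any"}


def select_view(order, client):
    """Return the first view in `order` whose match-clients ACL contains client."""
    addr = ipaddress.ip_address(client)
    for name in order:
        if any(addr in net for net in ACLS[VIEWS[name]]):
            return name
    return None  # no view matched, the query would be refused


def unreachable_views(order):
    """Views that can never be selected because an earlier view matches "any"."""
    shadowed, seen_any = [], False
    for name in order:
        if seen_any:
            shadowed.append(name)
        elif VIEWS[name] == "any":
            seen_any = True
    return shadowed


if __name__ == "__main__":
    inside, outside = "10.1.2.3", "203.0.113.7"  # constructed client addresses
    for order in (["internal", "external"],
                  ["internal", "external", "other"],
                  ["other", "internal", "external"]):
        print(order,
              "| inside ->", select_view(order, inside),
              "| outside ->", select_view(order, outside),
              "| never reached:", unreachable_views(order))
```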



