Hi all,<br><br>Having a problem setting up split DNS for the purpose of separating internal, recursive, caching responses vs external, non-caching, non-recursive responses. First off, can views be used to do this?<br><br>
If yes, here are the relevant (I hope) portions of named.conf, which I've set up based on <a href="http://www.cymru.com/Documents/secure-bind-template.html" target="_blank">http://www.cymru.com/Documents/secure-bind-template.html</a>:<br>
<br>acl trusted {<br> 8.8.8.0/24;<br>};<br>..snip..<br>view internal-in in {<br> match-clients { trusted; };<br> recursion yes;<br> additional-from-auth yes;<br>
additional-from-cache yes;<br><br> zone "." in {<br> // Link in the root server hint file.<br> type hint;<br> file "db.cache";<br> };<br><br> zone "ournetwork.com" in {<br>
// Our internal A RR zone. There may be several of these.<br> type master;<br> file "ournetwork.com.db";<br> };<br> <br> zone "8.8.8.in-addr.arpa" in {<br>
// Our internal PTR RR zone. Again, there may be several of these.<br> type master;<br> file "8.8.8.in-addr.arpa.db";<br> };<br><br>};<br><br>view external-in in {<br> match-clients { any; };<br>
recursion no;<br> additional-from-auth no;<br> additional-from-cache no;<br><br> zone "8.8.8.in-addr.arpa" in {<br> // Our internal PTR RR zone. Again, there may be several of these.<br>
type master;<br> file "8.8.8.in-addr.arpa.db";<br> allow-query { any; };<br> };<br><br> zone "ournetwork.com" in {<br>
// Our internal A RR zone. There may be several of these.<br> type master;<br> file "ournetwork.com.db";<br> allow-query { any; };<br> };<br><br> zone "." in {<br>
// Link in the root server hint file.<br> type hint;<br> file "db.cache";<br> };<br><br>};<br><br>The result is that all requests outside the trusted IP range are being REFUSED. Not sure why that is, though; anyone?<br>
<br>Thanks a bunch!<br>
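
Added example, not part of the original post: a small Python model of how named picks a view for a client address (the first view whose match-clients matches, in the order the views appear) and what each of the two views above would do with a query name. The function names, result labels and the 203.0.113.5 outside address are assumptions made for illustration.

```python
import ipaddress

# Constructed model of the two views from the post (not parsed from named.conf).
# The "." hint zone is left out because it holds no authoritative data.
ACLS = {"trusted": ["8.8.8.0/24"], "any": ["0.0.0.0/0", "::/0"]}
VIEWS = [  # order matters: the first matching view handles the client
    {"name": "internal-in", "match_clients": "trusted", "recursion": True,
     "zones": ["ournetwork.com", "8.8.8.in-addr.arpa"]},
    {"name": "external-in", "match_clients": "any", "recursion": False,
     "zones": ["8.8.8.in-addr.arpa", "ournetwork.com"]},
]

def select_view(client_ip, views=VIEWS):
    """Return the first view whose match-clients ACL contains client_ip."""
    addr = ipaddress.ip_address(client_ip)
    for view in views:
        for net in ACLS[view["match_clients"]]:
            network = ipaddress.ip_network(net)
            if addr.version == network.version and addr in network:
                return view
    return None  # no view matched this client

def in_zone(qname, zone):
    """True if qname is the zone apex or a name below it (label-wise match)."""
    q = qname.rstrip(".").lower().split(".")
    z = zone.rstrip(".").lower().split(".")
    return q[-len(z):] == z

def expected_handling(client_ip, qname, views=VIEWS):
    """Return (view name, label) for how the selected view treats qname."""
    view = select_view(client_ip, views)
    if view is None:
        return (None, "no-view")
    if any(in_zone(qname, z) for z in view["zones"]):
        return (view["name"], "authoritative")
    if view["recursion"]:
        return (view["name"], "recursive")
    # recursion off and the name is outside every zone in this view
    return (view["name"], "not-served")

if __name__ == "__main__":
    for ip, name in [("8.8.8.10", "www.example.org"),
                     ("203.0.113.5", "www.ournetwork.com"),
                     ("203.0.113.5", "www.example.org")]:
        print(ip, name, expected_handling(ip, name))
```

Passing the views in the opposite order sends trusted clients to external-in as well, since `any` matches every address first.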