<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div><span></span></div><div><meta http-equiv="content-type" content="text/html; charset=utf-8"><div>Please be aware that only one view is visible for any client. You have acl1 in both views indicating that you assume a host in acl1 can get info from both views - this is not possible. The list is searched from the top of the file and the first match, only the first,  will be the DNS service available to the client.<br><br><pre class="moz-signature" cols="72"><font face=".SFUIDisplay-Regular"><span style="white-space: normal; background-color: rgba(255, 255, 255, 0);">-- 
Best regards</span></font></pre><pre class="moz-signature" cols="72"><font face=".SFUIDisplay-Regular"><span style="white-space: normal; background-color: rgba(255, 255, 255, 0);">Sten Carlsen</span></font></pre><pre class="moz-signature" cols="72"><font face=".SFUIDisplay-Regular"><span style="white-space: normal; background-color: rgba(255, 255, 255, 0);">No improvements come from shouting:</span></font></pre><pre class="moz-signature" cols="72"><font face=".SFUIDisplay-Regular"><span style="white-space: normal; background-color: rgba(255, 255, 255, 0);">"MALE BOVINE MANURE!!!" </span></font></pre></div><div><br><div><br><br><pre class="moz-signature" cols="72"><font face=".SFUIDisplay-Regular"><span style="white-space: normal; background-color: rgba(255, 255, 255, 0);">-- 
Best regards</span></font></pre><pre class="moz-signature" cols="72"><font face=".SFUIDisplay-Regular"><span style="white-space: normal; background-color: rgba(255, 255, 255, 0);">Sten Carlsen</span></font></pre><pre class="moz-signature" cols="72"><font face=".SFUIDisplay-Regular"><span style="white-space: normal; background-color: rgba(255, 255, 255, 0);">No improvements come from shouting:</span></font></pre><pre class="moz-signature" cols="72"><font face=".SFUIDisplay-Regular"><span style="white-space: normal; background-color: rgba(255, 255, 255, 0);">"MALE BOVINE MANURE!!!" </span></font></pre></div><div><br><br><pre class="moz-signature" cols="72"><font face=".SFUIDisplay-Regular"><span style="white-space: normal; background-color: rgba(255, 255, 255, 0);">-- 
Best regards</span></font></pre><pre class="moz-signature" cols="72"><font face=".SFUIDisplay-Regular"><span style="white-space: normal; background-color: rgba(255, 255, 255, 0);">Sten Carlsen</span></font></pre><pre class="moz-signature" cols="72"><font face=".SFUIDisplay-Regular"><span style="white-space: normal; background-color: rgba(255, 255, 255, 0);">No improvements come from shouting:</span></font></pre><pre class="moz-signature" cols="72"><font face=".SFUIDisplay-Regular"><span style="white-space: normal; background-color: rgba(255, 255, 255, 0);">"MALE BOVINE MANURE!!!" </span></font></pre></div>On 18 Oct 2016, at 10.28, RAM MOHAN, Hari Ganesh <<a href="mailto:hari.rammohan@atos.net">hari.rammohan@atos.net</a>> wrote:<br><br></div><blockquote type="cite"><div><span>View concept works in order, as you have internal_lan view first, acl1 users are falling to this view and not able to find vpn_zone.</span><br><span></span><br><span>You may try swapping order,</span><br><span></span><br><span>// vpn</span><br><span>view "vpn" {</span><br><span>         match-clients { acl1; };</span><br><span></span><br><span>         zone "vpn_zone" {</span><br><span>                 type master;</span><br><span>                 file "/etc/bind/zones/vpn.db";</span><br><span>         };</span><br><span></span><br><span>};</span><br><span></span><br><span>// zone1</span><br><span>view "internal_lan" {</span><br><span>         match-clients { acl1; acl2; };</span><br><span>         include "/etc/bind/named.conf.default-zones";</span><br><span></span><br><span>         zone "zone1" {</span><br><span>                 type master;</span><br><span>                 file "/etc/bind/zones/zone1.db";</span><br><span>         };</span><br><span></span><br><span>Thanks & Regards,</span><br><span></span><br><span>Hari Ganesh Ram Mohan</span><br><span></span><br><span></span><br><span>-----Original Message-----</span><br><span>From: bind-users [<a href="mailto:bind-users-bounces@lists.isc.org">mailto:bind-users-bounces@lists.isc.org</a>] On Behalf Of Pol Hallen</span><br><span>Sent: Tuesday, October 18, 2016 1:21 PM</span><br><span>To: <a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a></span><br><span>Subject: view problem</span><br><span></span><br><span>Hi all :-)</span><br><span></span><br><span>I've two zones: zone1 is an internal zone and another zone: vpn.</span><br><span></span><br><span>I need that acl1 can "see" internal vpn zone, the problem is that acl1 "see" vpn zone as external zone because this zone is a FQDN, while should see vpn as vpn.db.</span><br><span></span><br><span>192.168.1.0/24 are clients with also openvpn clients, while</span><br><span>192.168.2.0/24 are not vpn clients.</span><br><span></span><br><span>sorry but I can't simplify :-/</span><br><span></span><br><span>acl1 {192.168.1.0/24; };</span><br><span>acl2 {192.168.2.0/24; };</span><br><span></span><br><span>// zone1</span><br><span>view "internal_lan" {</span><br><span>         match-clients { acl1; acl2; };</span><br><span>         include "/etc/bind/named.conf.default-zones";</span><br><span></span><br><span>         zone "zone1" {</span><br><span>                 type master;</span><br><span>                 file "/etc/bind/zones/zone1.db";</span><br><span>         };</span><br><span></span><br><span>// vpn</span><br><span>view "vpn" {</span><br><span>         match-clients { acl1; };</span><br><span></span><br><span>         zone "vpn_zone" {</span><br><span>                 type master;</span><br><span>                 file "/etc/bind/zones/vpn.db";</span><br><span>         };</span><br><span></span><br><span>};</span><br><span></span><br><span></span><br><span>Pol</span><br><span>_______________________________________________</span><br><span>Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list</span><br><span></span><br><span>bind-users mailing list</span><br><span><a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a></span><br><span><a href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a></span><br><span>_______________________________________________</span><br><span>Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list</span><br><span></span><br><span>bind-users mailing list</span><br><span><a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a></span><br><span><a href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a></span><br></div></blockquote></div></body></html>