Fwd: RES: My "Split DNS" doesn't work...

Brian Katzung briank at kappacs.com
Sun Apr 11 19:54:35 UTC 2010


I'm sorry for not replying all in my response. This is resolved.

  - Brian

-------- Original Message --------
Subject: RES: My "Split DNS" doesn't work...
From: "Rafael Guedes de Souza" <rafael at iptrust.com.br>
To: "Brian Katzung" <briank at kappacs.com>
CC: 

Hello Brian!

Thanks for helping me fix this issue! I didn't see this detail on my own. It works very well now! And thanks for explaining both match functionalities in views.


From: Brian Katzung [mailto:briank at kappacs.com]
Sent: Friday, April 9, 2010 15:29
To: Rafael Guedes de Souza
Subject: Re: My "Split DNS" doesn't work...

 

Rafael,

The ".internal" and ".external" are not part of the zone names (only the file names), so take them out of your "zone domain.com.br" lines.

Also, you don't generally need to use both match-clients and match-destinations at the same time. Generally, you just pick one of the following two strategies:

1) By client (source) address:
    internal view for match-clients { lan_addresses; }
    external view for match-clients { any; }

2) By destination (server) address:
    internal view for match-destinations { internal_interface_addresses; }
    external view for match-destinations { wan_or_nat_private_interface_addresses; }

The benefit of the second strategy is the ability to check both views from your internal networks by sending the queries to different interface addresses.

  - Brian

On 2010-04-09 12:16, Rafael Guedes de Souza wrote: 

I have installed BIND 9 on my name server, and I am trying to configure internal and external zones for my domain on the same server. I have looked at some documentation, but I still have some difficulty doing this.

 

My named.conf:

options
{
        directory "/var/named";
        dump-file               "data/cache_dump.db";
        statistics-file         "data/named_stats.txt";
        memstatistics-file      "data/named_mem_stats.txt";
};

logging
{
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

view "internal"
{
        match-clients           { localnets; };
        match-destinations      { localnets; };
        include "/etc/named.root.hints";
        include "/etc/named.rfc1912.zones";
        zone "domain.com.br.internal" {
                type master;
                file "data/domain.com.br.internal.zone";
        };
};

view    "external"
{
        match-clients           { any; };
        match-destinations      { any; };
        recursion no;
        allow-query-cache { none; };
        include "/etc/named.root.hints";
        zone "domain.com.br.external" {
                type master;
                file "data/domain.com.br.external.zone";
                allow-transfer { 200.200.200.200; 200.200.200.201; };
                notify yes;
        };
};


When I use this resolver in my local network, BIND matches my connection to the internal view correctly, but I go to the Internet to search for the information about domain.com.br.

 

Sorry for my poor English.

 

Note:

My server runs chrooted.

Regards,

Rafael Guedes de Souza
Support Analyst

ipTrust Tecnologia Ltda - Florianópolis/SC
Office phone +55 48 3333 1551
Mobile phone +55 48 8431 1121

IronPort Systems Partner
Riverbed Technology Partner
VMware Enterprise Partner
Eset Nod32 Partner
EMC² Partner

 

 
 
_______________________________________________
bind-workers mailing list
bind-workers at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-workers





-- 
Brian Katzung, Kappa Computer Solutions, LLC
Leveraging UNIX, GNU/Linux, open source, and custom
software solutions for business and beyond
Phone: 877.367.8837 x1  http://www.kappacs.com

--
Brian Katzung, Kappa Computer Solutions, LLC
Leveraging UNIX, GNU/Linux, open source, and custom
software solutions for business and beyond
Phone: 877.367.8837 x1  http://www.kappacs.com
Sent from my phone. Please excuse my brevity.
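
The view and zone matching discussed in this thread, as an added example that is not part of the original messages and is not BIND's code: a simplified model of how named takes the first view whose match-clients and match-destinations both match, then looks for the closest enclosing zone in that view. The addresses, the LOCALNETS stand-in for localnets, and the helper names are assumptions made for the illustration.

```python
import ipaddress

def in_acl(addr, acl):
    """acl is a list of CIDR strings or the keyword 'any'."""
    ip = ipaddress.ip_address(addr)
    return any(a == "any" or ip in ipaddress.ip_network(a) for a in acl)

def pick_view(views, client, dest):
    """First view in file order whose match-clients AND match-destinations both match."""
    for v in views:
        if in_acl(client, v["match-clients"]) and in_acl(dest, v["match-destinations"]):
            return v
    return None

def closest_zone(view, qname):
    """Longest configured zone name that equals qname or is a parent of it."""
    q = qname.rstrip(".").lower()
    hits = [z for z in view["zones"] if q == z or q.endswith("." + z)]
    return max(hits, key=len) if hits else None

def resolve(views, client, dest, qname):
    """Return (view name, outcome) for one query in this simplified model."""
    view = pick_view(views, client, dest)
    if view is None:
        return (None, "REFUSED")
    zone = closest_zone(view, qname)
    if zone:
        return (view["name"], "authoritative:" + zone)
    # No authoritative zone: recurse if the view allows it, otherwise refuse.
    return (view["name"], "recurse" if view["recursion"] else "REFUSED")

LOCALNETS = ["192.168.1.0/24"]  # constructed; assumes localnets is only the LAN

def make_views(internal_zone, external_zone):
    return [
        {"name": "internal", "match-clients": LOCALNETS,
         "match-destinations": LOCALNETS, "recursion": True, "zones": [internal_zone]},
        {"name": "external", "match-clients": ["any"],
         "match-destinations": ["any"], "recursion": False, "zones": [external_zone]},
    ]

BROKEN = make_views("domain.com.br.internal", "domain.com.br.external")  # as posted
FIXED = make_views("domain.com.br", "domain.com.br")  # suffixes only in file names

if __name__ == "__main__":
    for label, views in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, resolve(views, "192.168.1.50", "192.168.1.1", "www.domain.com.br"))
        print(label, resolve(views, "203.0.113.9", "198.51.100.1", "www.domain.com.br"))
```

With the zone names as posted, the LAN client lands in the internal view but no zone covers www.domain.com.br, so the query recurses to the Internet; with the suffixes removed, the same view answers authoritatively.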