[bind10-dev] Extending views with groups

Jerry Scharf scharf at isc.org
Fri Oct 15 04:53:39 UTC 2010 

Jorgen,

Views were designed to handle the case of two independent network 
domains that were connected in a limited way with a single nameserver 
offering information to both sides. Think about a classic corporate 
firewall with bastion net hosts. The NXDOM (no domain) response makes 
complete sense in this setting.

While you may be right that it would be a simple change, it is a change 
in semantics. The surprise to anyone who understands the current 
operation of views would be large. So please put this in as a new 
feature with a different name rather than trying to overload the view 
semantics. Code reuse is a separate issue and that will depend on the 
final requirements of the new feature.

warmly,
jerry

On 10/14/2010 02:45 PM, J. Thomsen wrote:
> The view facility is apparently only useful for several copies of the same zone and not for
> grouping zones.
>
> If a zone is not present in the first view matching the client, but in another view below,
> BIND will apparently return a response of zone not found and not use the next matching view.
>
> As we need a way to administer several groups of zones I was trying to use it for that, but
> this is not possible.
>
> With the rndc addzone/delzone implemented in 9.7.2 with separate view files for the zone
> statements, it would be obvious to use this facility for maintaining different groups of
> zones within BIND itself and not as now using different include files and external editing
> tools.
>
> My suggestion is that the view concept should be extended to groups including of course
> solutions to both resolving and AXFR to slaves.
> User defined names of the .nzf files should also be implemented.
>
> Without much analysis I believe that implementing a search for first matching view
> containing the zone should be sufficient and backwards compatible.
>
> - Jørgen Thomsen
>
> PS. The ARM on views should be corrected and improved with examples of using keys in the
> match-... statements.
> _______________________________________________
> bind10-dev mailing list
> bind10-dev at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind10-dev
>

More information about the bind10-dev mailing list