I am trying to create three DNS slave servers with views for internal and external IPs. Each has an address in the DMZ and the firewall (actually a CSS) routes requests from the external IPs to the internal addresses. The correspondence is one-to-one:

external.1 <--> dmz.1
external.2 <--> dmz.2
external.3 <--> dmz.3

This seems to work fine as long as the CSS admin remembers the DNS servers need to see the actual source address of the request rather than some intermediate NAT'ed IP.

What I cannot figure out is how to configure the master server. Ideally it would use views too but it has to be on an internal network and only the DMZ machines can reach it:

dmz.1 <--> master
dmz.2 <--> master
dmz.3 <--> master

All four of dmz.1, 2, 3 and master are on subnets considered internal.

I tried using views on the master and I can get the slaves to transfer the internal or external zones but not both. If I configure the views to treat the internal and dmz networks as internal, requests for an external zone are denied. If I change the configuration so internal and dmz addresses are considered external, requests for the internal zones are denied.

All of the servers are running CentOS 5.3 with BIND version 9.3.4.

I've searched the net on the subject and I found lots of help getting views to work but little about getting zones transferred in a situation like the above. Is it even possible to do this with views? If not, is there a "recommended" solution?

--
Stephen Carville