On Thu, Jun 18, 2009 at 02:12:07PM -0700, Chris Buxton wrote:
...
> Yes, that will absolutely work. But the OP requested a method that did
> not involve managing the public data in two places.
...

Which is exactly what views are for.  External data is kept in ONE file,
as below.

named.conf:

    ...
    acl localfolk { localhost; LOC.AL.NET.WORK/MASK; ... };

    view "internal" {
        // This should match our internal networks.
        match-clients { localfolk; };

        // Provide recursive service to internal clients only.
        recursion yes;

        // Provide a complete view of the example.com zone
        // including addresses of internal hosts.
        zone "example.com" {
            type master;
            file "zone.example.int";
        };
    };

    view "external" {
        // Match all clients not matched by the previous view.
        match-clients { any; };

        // Refuse recursive service to external clients.
        recursion no;

        // Provide a restricted view of the example.com zone
        // containing only publicly accessible hosts.
        zone "example.com" {
            type master;
            file "zone.example.ext";
        };
    };

zone.example.ext:

    $TTL 1d
    @   IN  SOA ...
        IN  NS  ...
    ; Remember to increment the SOA serial number when this is
    ; updated!
    $INCLUDE "data/example.ext.data"

zone.example.int:

    $TTL 1d
    @   IN  SOA ...
        IN  NS  ...
    ; Remember to increment the SOA serial number when either of
    ; these is updated!
    $INCLUDE "data/example.ext.data"
    $INCLUDE "data/example.int.data"

-- 
/*********************************************************************\
**
** Joe Yao              j...@tux.org - Joseph S. D. Yao
**
\*********************************************************************/
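
An added example, not part of the original post: a Python check that expands the $INCLUDE directives of the two zone files above and reports any RFC 1918 address that would be served through the external view. The file contents, host names and addresses are constructed, the SOA/NS records are left out, and only one-line records are parsed.

```python
import ipaddress
import re

# Constructed sample data keyed by the file names used in the post.
# Host names and addresses are made up; SOA/NS records are omitted.
FILES = {
    "zone.example.ext": '$TTL 1d\n$INCLUDE "data/example.ext.data"\n',
    "zone.example.int": '$TTL 1d\n$INCLUDE "data/example.ext.data"\n'
                        '$INCLUDE "data/example.int.data"\n',
    "data/example.ext.data": "www  IN A 192.0.2.10 ; public web server\n"
                             "mail IN A 192.0.2.25\n",
    "data/example.int.data": "wiki IN A 10.1.2.3\ndb   IN A 192.168.7.9\n",
}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def expand(name, files, seen=()):
    """Return the record lines of `name` with every $INCLUDE expanded."""
    if name in seen:
        raise ValueError("include loop at " + name)
    records = []
    for line in files[name].splitlines():
        line = line.split(";", 1)[0].strip()     # drop zone-file comments
        m = re.match(r'\$INCLUDE\s+"?([^"\s]+)"?', line, re.I)
        if m:
            records += expand(m.group(1), files, seen + (name,))
        elif line and not line.startswith("$"):  # skip $TTL, $ORIGIN
            records.append(" ".join(line.split()))
    return records

def is_rfc1918_a(rec):
    """True if `rec` is an A record pointing into RFC 1918 space."""
    fields = rec.split()
    if len(fields) < 3 or fields[-2].upper() != "A":
        return False
    addr = ipaddress.ip_address(fields[-1])
    return any(addr in net for net in RFC1918)

def audit(files, ext="zone.example.ext", internal="zone.example.int"):
    """Compare what each view would serve after include expansion."""
    ext_recs, int_recs = expand(ext, files), expand(internal, files)
    return {
        "private_in_external": [r for r in ext_recs if is_rfc1918_a(r)],
        "missing_from_internal": [r for r in ext_recs if r not in int_recs],
    }

if __name__ == "__main__":
    print(audit(FILES))
```

Both lists are empty for the layout in the post; a non-empty "private_in_external" means an internal data file has been included in the external zone file.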