Re: multiple internal views not working (requested conf files

Mon, 02 Nov 2009 13:55:50 -0800 

Krash, Paul wrote:

Kevin Darcy asked:
Confused. Looks like the clients are matching the correct view, but "fckd.net" is not defined in either view, 
so what exactly was the point of having views? fckd.net names are
going to get resolved the same regardless.


I attempted to obfuscate our internal domain name, Mr. Reed caught it.
fckd.net is the imaginary name of the segment I am serving.
Ah, OK. But now that the real domain name has been "outed", is there any point in trying to obfuscate it? 
Sorry for the confusion, too many balls in the air today
(some are on the floor :-)

what I understand that this:
________________________________________________________________
view dot5 {
        match-clients {
                10.x.5.0/24;
                };
        zone "5.x.10.in-addr.arpa" {
                type master;
                file "/etc/bind/10.19.5.default.rev";
                };
        zone "fckd.net" {
                type master;
                file "/etc/bind/fckd.net.default.dot5";
                notify yes;
                also-notify {
                        10.x.1.32;
                        };
                };
        };
_________________________________________________________

will serve one zone to .5 network only.

While this:

----------------------------------------------------------------

view internal {

        match-clients {
                !10.x.5.0/24;
                10.x.x.0/16     
                };
        zone "fckd.net" {
                type master;
                file "/etc/bind/fckd.net.default";
                notify yes;
                also-notify {
                        10.x.1.32;
                        };
                };
---------------------------------------------------------------

will serve a different zone file to the rest of the 10.x.x.0/16 network.
Views are matched in order, so "!10.x.5.0/24;" is redundant -- anything in that range would have been matched by the previous view.
Also, if 10.x/16 matches your entire community of clients you could just use "any" for the second view. 
I think I am close to resolving this, back to integration of Samba+NFS+
NIS+LDAP+DHCP+DNS+Kerberos w/Active Directory 2008, without third party
plugins and helpers.....(*long* term project)....[sigh]
Make sure to publish a quick 3-step setup guide once you're done with that :-) 

- Kevin

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to