Lightner, Jeff wrote:
> You would NOT use a single zone for this. Views are designed specifically to control what is seen. However, that control is mainly done by ACLs specifying which networks access which views.
Or by server IP. You can use match-destinations with views to provide a different virtual server per server IP address, all on one box, with a single instance of named. You can even combine match-destinations, match-clients, and match-recursive-only together to satisfy even more complex scenarios.
That said, if it were me, I'd run separate boxes, separate VMs, or at least separate instances of named (each attached to a different IP) in the scenario posed by the OP.
> Do you assign specific subnets to each client? If so, you could do this with views, but the processing needed to load dozens of views is not something I can comment on, as I think most people only do a couple. (Here we do only internal and external to differentiate what people on the internet see as opposed to what people on our intranet see.)
I also don't have any empirical data, but I do expect that setting up thousands of views would have a significant impact on performance — each query runs a gantlet of match-* ACLs before finding the correct view.
Regards,
Chris Buxton
BlueCat Networks
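A named.conf sketch of the per-IP views described in the reply above, added here as an illustration and not part of the original message. All addresses, ACL names, zone names and file paths are constructed placeholders; the layout assumes one named instance listening on several service addresses.

```conf
// Constructed example: every address, name and path below is a placeholder.
acl "client-a-nets" { 198.51.100.0/24; };

options {
    directory "/var/named";
    // One named instance bound to several service addresses.
    listen-on { 192.0.2.10; 192.0.2.11; 192.0.2.12; };
};

// Views are tested in the order written. A view is selected only when all
// of its match-* conditions hold, and the first selected view answers.

// Recursive queries from client A's networks that arrive on 192.0.2.10.
view "client-a-resolver" {
    match-clients { "client-a-nets"; };
    match-destinations { 192.0.2.10; };
    match-recursive-only yes;
    recursion yes;
    zone "corp.example" { type master; file "client-a/corp.example.db"; };
};

// Everything else arriving on 192.0.2.10: authoritative answers only.
view "client-a-auth" {
    match-destinations { 192.0.2.10; };
    recursion no;
    zone "example.com" { type master; file "client-a/example.com.db"; };
};

// A second "virtual server" on its own address, with its own zone data.
view "client-b-auth" {
    match-destinations { 192.0.2.11; };
    recursion no;
    zone "example.com" { type master; file "client-b/example.com.db"; };
};

// Catch-all, kept last so it cannot shadow the specific views above.
// Queries sent to 192.0.2.12 land here.
view "default" {
    match-clients { any; };
    recursion no;
    zone "example.com" { type master; file "default/example.com.db"; };
};
```

Once any view is defined, every zone must live inside a view, and `named-checkconf` will reject a zone statement left at the top level.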