You’ll need to duplicate the www name into the internal zone if your internal 
clients need to resolve it. If a query doesn’t resolve in one view, it doesn’t 
“fail over” to another view in the config. It simply returns the negative 
response to the client.

- Kevin

From: bind-users-boun...@lists.isc.org 
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Elias Pereira
Sent: Friday, May 22, 2015 10:48 AM
To: bind-users@lists.isc.org
Subject: Doubt regarding acls and internal and external view.

Hello everyone,

I have a doubt regarding acls and internal and external view.

If I have some servers and among them, one only has access part of the 
"external (world)" to "internal (my infrastructure)." That would be the site 
(www). The rest is only internal.

Like that:

www                                   --> zone db.external
any other server/service  --> zone db.internal

acl "clients" {
        localhost;
        192.168.1.1/24;
        172.16.1.1/24;
};

view "internal" {
        match-clients { clients; };
        recursion yes;

        zone "internal" {
                type master;
                file "/etc/bind/db.internal";
        };

};

view "external" {
        match-clients { any; };
        recursion no;
        additional-from-auth no;
        additional-from-cache no;

        zone "external" {
                type master;
                file "/etc/bind/db.external";
        };
};

Thus I should only put the site in a zone that is in the external view and the 
other servers on the internal view, would it?

--
Elias Pereira
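
The behaviour described in the reply at the top of this thread, as an added example that is not part of the original messages: a small Python model of first-match view selection using the ACL and view order from the posted config. The record names and addresses are constructed, `localhost` is approximated as 127.0.0.1, and recursion is not modelled.

```python
import ipaddress

# ACL "clients" from the post; strict=False accepts the host bits as written.
# Assumption: "localhost" is approximated here as 127.0.0.1 only.
CLIENTS = [ipaddress.ip_network(n, strict=False)
           for n in ("127.0.0.1/32", "192.168.1.1/24", "172.16.1.1/24")]
ANY = [ipaddress.ip_network("0.0.0.0/0")]

def make_views(internal_records, external_records):
    """Views in named.conf order: the first match-clients hit wins."""
    return [("internal", CLIENTS, internal_records),
            ("external", ANY, external_records)]

def resolve(views, client_ip, name):
    """Return (view, answer); a miss in the selected view is final."""
    addr = ipaddress.ip_address(client_ip)
    for view_name, acl, records in views:
        if any(addr in net for net in acl):
            # No fall-through: only this view's data is consulted.
            return view_name, records.get(name, "NXDOMAIN")
    return None, "REFUSED"

# Constructed sample data (hypothetical names and addresses, not from the post).
EXTERNAL = {"www": "203.0.113.10"}
INTERNAL_ONLY = {"files": "192.168.1.20"}
INTERNAL_WITH_WWW = {**INTERNAL_ONLY, "www": "203.0.113.10"}

if __name__ == "__main__":
    before = make_views(INTERNAL_ONLY, EXTERNAL)
    after = make_views(INTERNAL_WITH_WWW, EXTERNAL)
    for label, views in (("www only in external", before),
                         ("www duplicated", after)):
        for client in ("192.168.1.50", "198.51.100.7"):
            print(label, client, resolve(views, client, "www"))
```

The external client's result for `files` also shows the other direction: internal-only names stay invisible to clients that land in the external view.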