Pol,

If your master server is itself providing DNS service to clients, then you may try something like this (else you may use the same order and forwarder on your slave servers):

// vpn
view "vpn" {
    match-clients { acl1; };
    forward only;
    forwarders { 127.0.0.1; };
    zone "vpn_zone" {
        type master;
        file "/etc/bind/zones/vpn.db";
    };
};

// zone1
view "internal_lan" {
    match-clients { acl1; acl2; };
    include "/etc/bind/named.conf.default-zones";
    zone "zone1" {
        type master;
        file "/etc/bind/zones/zone1.db";
    };
};

Thanks & Regards,
Hari Ganesh Ram Mohan

From: Sten Carlsen [mailto:st...@s-carlsen.dk]
Sent: Tuesday, October 18, 2016 2:37 PM
To: RAM MOHAN, Hari Ganesh
Cc: m...@fuckaround.org; bind-users@lists.isc.org
Subject: Re: view problem

Please be aware that only one view is visible for any client. You have acl1 in both views, indicating that you assume a host in acl1 can get info from both views - this is not possible. The list is searched from the top of the file and the first match, only the first, will be the DNS service available to the client.

--
Best regards
Sten Carlsen

No improvements come from shouting:
"MALE BOVINE MANURE!!!"

On 18 Oct 2016, at 10.28, RAM MOHAN, Hari Ganesh <hari.rammo...@atos.net> wrote:

The view concept works in order; as you have the internal_lan view first, acl1 users are falling into this view and are not able to find vpn_zone.

You may try swapping the order:

// vpn
view "vpn" {
    match-clients { acl1; };
    zone "vpn_zone" {
        type master;
        file "/etc/bind/zones/vpn.db";
    };
};

// zone1
view "internal_lan" {
    match-clients { acl1; acl2; };
    include "/etc/bind/named.conf.default-zones";
    zone "zone1" {
        type master;
        file "/etc/bind/zones/zone1.db";
    };
};

Thanks & Regards,
Hari Ganesh Ram Mohan

-----Original Message-----
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Pol Hallen
Sent: Tuesday, October 18, 2016 1:21 PM
To: bind-users@lists.isc.org
Subject: view problem

Hi all :-)

I have two zones: zone1 is an internal zone, and another zone: vpn.

I need acl1 to be able to "see" the internal vpn zone; the problem is that acl1 "sees" the vpn zone as an external zone because this zone is an FQDN, while it should see vpn as vpn.db.

192.168.1.0/24 are clients, with openvpn clients as well, while 192.168.2.0/24 are not vpn clients.

Sorry, but I can't simplify :-/

acl acl1 { 192.168.1.0/24; };
acl acl2 { 192.168.2.0/24; };

// zone1
view "internal_lan" {
    match-clients { acl1; acl2; };
    include "/etc/bind/named.conf.default-zones";
    zone "zone1" {
        type master;
        file "/etc/bind/zones/zone1.db";
    };
};

// vpn
view "vpn" {
    match-clients { acl1; };
    zone "vpn_zone" {
        type master;
        file "/etc/bind/zones/vpn.db";
    };
};

Pol

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
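
Added example, not part of the original thread: a small Python model of the first-match view selection Sten describes, run over the original and swapped layouts from the posts. The function names and the DISJOINT layout are assumptions made for illustration, and shadowing is judged by ACL name only, which is a simplification of how named matches addresses.

```python
import ipaddress

# ACLs exactly as posted in the thread.
ACLS = {"acl1": ["192.168.1.0/24"], "acl2": ["192.168.2.0/24"]}

# Each layout is an ordered list of (view name, match-clients ACLs, zones).
ORIGINAL = [
    ("internal_lan", ["acl1", "acl2"], ["zone1"]),
    ("vpn", ["acl1"], ["vpn_zone"]),
]
SWAPPED = [
    ("vpn", ["acl1"], ["vpn_zone"]),
    ("internal_lan", ["acl1", "acl2"], ["zone1"]),
]
# Hypothetical layout (not proposed in the thread): each ACL appears in
# exactly one view, and the view serving acl1 carries both zones.
DISJOINT = [
    ("vpn", ["acl1"], ["vpn_zone", "zone1"]),
    ("internal_lan", ["acl2"], ["zone1"]),
]

def select_view(views, client_ip):
    """Return (name, zones) of the first view whose match-clients covers client_ip."""
    addr = ipaddress.ip_address(client_ip)
    for name, acl_names, zones in views:
        for acl in acl_names:
            if any(addr in ipaddress.ip_network(net) for net in ACLS[acl]):
                return name, zones  # first match wins; later views are never consulted
    return None, []  # no view serves this client

def unreachable_views(views):
    """Views that can never be selected: every ACL they list is already
    matched by an earlier view (name-based check, a simplification)."""
    seen, dead = set(), []
    for name, acl_names, _ in views:
        if all(acl in seen for acl in acl_names):
            dead.append(name)
        seen.update(acl_names)
    return dead

if __name__ == "__main__":
    layouts = (("original", ORIGINAL), ("swapped", SWAPPED), ("disjoint", DISJOINT))
    for label, layout in layouts:
        for ip in ("192.168.1.10", "192.168.2.10"):  # constructed sample clients
            print(label, ip, select_view(layout, ip))
        print(label, "shadowed views:", unreachable_views(layout))
```

In the swapped layout an acl1 client reaches vpn_zone but no longer sees zone1, which is the single-view limit Sten points out.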