[47097] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

Re: Selective DNS replies

daemon@ATHENA.MIT.EDU (Clayton Fiske)
Thu Apr 25 13:02:29 2002

Date: Thu, 25 Apr 2002 10:01:21 -0700
From: Clayton Fiske <clay@bloomcounty.org>
To: nanog@merit.edu
Message-ID: <20020425100121.F309@bloomcounty.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <20020425124424.D62057-100000@apple.silverwraith.com>; from lists-nanog@silverwraith.com on Thu, Apr 25, 2002 at 12:44:59PM +0100
Errors-To: owner-nanog-outgoing@merit.edu


On Thu, Apr 25, 2002 at 12:44:59PM +0100, Avleen Vig wrote:
> Your conf file shows that it is set up as:
>   Define a view
>   Now allocate zonefiles to it
> 
> What if you host multiple domains, and the view you want to give them
> overlap? Is it not possible to do:
>   Make a zone file
>   Put views in it just for that zone
>   Make another zone file for a different domain
>   Put view in it that overlap the first zoenfiles, but won't conflict
>     because they are in a different zone.
> 
> By overlap I mean something like this:
> Zone1: 'internal' = 10.0.1.0/24  + 'external' = 192.168.1.0/24
> Zone2: 'internal' = 10.0.0.0/16  + 'external' = 192.168.0.0/16
> Zone3: 'internal' = 127.0.0.0/8  + 'external' = 10.0.0.0/16
> 
> Make sense?

Wouldn't you automatically have to have multiple zonefiles per domain
in order to have multiple views? With bind9, my setup is:

view "internal"
    match-clients { <internal client subnets> };
    zone "domain1.com" {
        file "domain1-internal.hosts";
	<other configs snipped>
    };
    zone "domain2.com" {
        file "domain2-internal.hosts";
	<other configs snipped>
    };
};
view "external"
    match-clients { <external client subnets> };
    zone "domain1.com" {
        file "domain1-external.hosts";
	<other configs snipped>
    };
    zone "domain2.com" {
        file "domain2-external.hosts";
	<other configs snipped>
    };
};

If you're referring to clients overlapping, such as:

192.168.0.0/16 sees internal for domain1, external for domain2
10.0.0.0/8     sees external for domain1, external for domain2
172.16.0.0/12  sees external for domain1, internal for domain2

Then I think you'll have to define a view for each combination, and
include whichever zonefiles are appropriate for that view.

-c
home help back first fref pref prev next nref lref last post