[GRLUG] Ok, I'm stumped. BIND9 question.
Michael Mol
mikemol at gmail.com
Sat Jan 15 12:55:49 EST 2011
The bind9 package on Debian splits configuration between three files:
named.conf.options, named.conf and named.conf.local. named.conf
includes named.conf.options as a header, and named.conf.local as a
footer. Bind itself reads named.conf. For clarity's sake, I'm
more-or-less inlining all three files.
To describe the scenario, consider two groups, A and B. This
nameserver exists within group A's network, and is accessible from
group B's network. This nameserver should provide DNS information on
group A's hosts to both groups A and B as master. For group B, this
nameserver should forward group A's requests over to group B's
nameserver.
All of that's easy. Here's the rub: in bind9, if you define _any_
views, then _all_ zone declarations must exist within a view. (bind9
won't create an implicit 'internal' view for you.) However, on Debian,
the basic forward and reverse zones are defined and maintained in
named.conf, and those zones then need to be included within some view
statement. We then open a 'topView' in named.conf.options, and we close
that view in named.conf.local.
I've also included in topView the configuration for the zones for
which group A is responsible.
So, then, how to get topView's defined zones into the viewersA view
and viewersB view?
//////////////////////////////////////
// begin named.conf.options section //
//////////////////////////////////////
options {
    recursion no;
};
acl "local-system" { 127/8; };
acl "groupA" { 10.1/16; };
acl "groupB" { 192.168/16; };
view "topView" {
////////////////////////////////////
// end named.conf.options section //
////////////////////////////////////
// begin named.conf section //
////////////////////////////////////
    // be authoritative for the localhost forward and reverse zones, and for
    // broadcast zones as per RFC 1912
    zone "localhost" {
        type master;
        file "/etc/bind/db.local";
    };
    zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
    };
    zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
    };
    zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
    };
////////////////////////////////////
// end named.conf section //
////////////////////////////////////
// begin named.conf.local section //
////////////////////////////////////
    zone "groupa.inner.space" {
        type master;
        file "/etc/bind/db.groupa.inner.space";
    };
    // End the 'topView' view begun in named.conf.options
};
view viewersA {
    match-clients { "groupA"; "local-system"; };
    recursion yes;
    zone "groupb.inner.space" {
        type forward;
        forwarders { 192.168.0.1; };
        forward only;
    };
};
view viewersB {
    match-clients { "groupB"; };
};
--
:wq
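Added example, not part of the post: a small Python checker for the two traps in a split Debian bind9 configuration like the one above. It assumes the three files have been concatenated in the order named reads them (the SAMPLE string below is a constructed, shortened copy of the post's config), and it flags zones that sit outside every view once views exist, plus any view with no match-clients (which defaults to "any") that precedes other views, since named uses the first view a client matches and the views after it are then never consulted.

```python
import re
# Constructed sample: the post's three Debian files inlined in the order named reads them.
SAMPLE = """
view "topView" {   // opened in named.conf.options, closed in named.conf.local
    zone "localhost" { type master; file "/etc/bind/db.local"; };
    zone "groupa.inner.space" { type master; file "/etc/bind/db.groupa.inner.space"; };
};
view viewersA { match-clients { "groupA"; };
    zone "groupb.inner.space" { type forward; forwarders { 192.168.0.1; }; forward only; }; };
view viewersB { match-clients { "groupB"; }; };
"""

def statements(text):
    """Top-level statements as (tokens before '{' with quotes stripped, text inside the braces)."""
    text = re.sub(r"//[^\n]*|/\*.*?\*/", "", text, flags=re.S)    # drop comments
    out, depth, start, span = [], 0, 0, []
    for i, ch in enumerate(text):
        if ch == "{":
            span, depth = (span or [i + 1]), depth + 1           # remember the outer '{'
        elif ch == "}" and (depth := depth - 1) == 0:
            span.append(i)                                      # matching outer '}'
        elif ch == ";" and depth == 0:                          # end of a statement
            head = text[start:span[0] - 1] if span else text[start:i]
            if head.split():
                out.append(([t.strip('"') for t in head.split()], text[span[0]:span[1]] if span else ""))
            start, span = i + 1, []
    return out

def views(text):
    """([zones outside any view], [(view, match-clients, zones)]) in declaration order."""
    loose, found = [], []
    for tokens, body in statements(text):
        if tokens[0] == "zone":
            loose.append(tokens[1])
        elif tokens[0] == "view":
            inner = statements(body)
            clients = [c.strip('"') for t, b in inner if t[0] == "match-clients"
                       for c in b.replace(";", " ").split()] or ["any"]   # default is "any"
            found.append((tokens[1], clients, [t[1] for t, _ in inner if t[0] == "zone"]))
    return loose, found

def problems(text):
    """Zones outside every view, and views matching any client that shadow the views after them."""
    loose, vs = views(text)
    out = [f"zone {z!r} is outside every view" for z in loose] if vs else []
    for i, (name, clients, _) in enumerate(vs[:-1]):
        if "any" in clients:   # named uses the first view a client matches, so later ones are dead
            out.append(f"view {name!r} matches any client; {[v[0] for v in vs[i + 1:]]} unreachable")
    return out
```

Running `problems(SAMPLE)` reports that topView, having no match-clients, swallows every query, so viewersA and viewersB are never reached; moving the shared zones into a file that each client view includes, and dropping the catch-all view, makes the report come back empty.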