Separate zone exceptions for each view in BIND

Posted by Stefan M on Server Fault
Published on 2012-10-22T10:25:09Z Indexed on 2012/10/22 11:03 UTC

Problem: Separate zones by query source network and return different records for LAN clients compared to WAN clients.

I've implemented this at home on a small alix router with Bind 9.4. One view called "lan" and one view called "wan". The "lan" view had just the root.hints file and one zone.

The "wan" view had many other zones, including a copy of the one zone from the "lan" view, but with different records.

Querying domain1.tld from the LAN would give me local records. Querying domain1.tld from the WAN would give me external records. Querying domain2.tld from the LAN would give me the same records as from the WAN as it only existed in the WAN view.

Now I'm trying to re-implement this on a larger scale and suddenly my view is unable to query anything outside itself. This is natural according to the bind-users list and they suggest I copy all my views into my LAN view.

I'm hoping someone here has a better solution because that means I'll have to copy, and maintain, thousands of zone files in multiple views. This is unfeasible.

My configuration at home resembles this.

acl lanClients {
 192.168.22.0/24;
 127.0.0.1;
};

view "intranet" {
 match-clients { lanClients; };
 recursion yes;
 notify no;

 // Standard zones
 //
 zone "." {
  type hint;
  file "etc/root.hint";
 };

 zone "domain1.tld" {
  type master;
  file "intranet/domain1.tld";
 };
};

view "internet" {
 match-clients { !localnets; any; };
 recursion no;
 allow-transfer { slaveDNS; };

 include "master.zones";
};

Requests from the LAN for domain1.tld give local records, requests from the WAN give remote records. This works fine both at home and in my new Bind 9.7 on a larger scale.

The difference is that at home I have somehow managed to make my LAN get remote records from domains in master.zones, without specifying those zones as duplicates in the "intranet" view.

Trying this on a larger scale with Bind 9.7 I get no results at all except for the zones specified in the view. What am I missing? I've tried the same configuration for Bind 9.7.
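An added example, not the poster's own configuration, of a layout where the "intranet" view resolves names it does not carry itself (such as domain2.tld) by recursing from its own hint zone, while the "internet" view stays non-recursive and only the zone that actually differs for LAN clients is duplicated. The ACL names, addresses, secondary server and file paths are assumed placeholders.

```conf
// Assumed addresses, ACL names and file paths; adjust to the deployment.
acl lanClients  { 192.168.22.0/24; 127.0.0.1; };
acl secondaries { 203.0.113.5; };        // placeholder secondary server

options {
    directory "/var/named";
    // Defaults for every view unless the view overrides them.
    recursion no;
    allow-transfer { none; };
};

view "intranet" {
    match-clients { lanClients; };
    // Recursion only for LAN clients: this view answers for names it is
    // not authoritative for (domain2.tld) by walking from the root hints.
    recursion yes;
    allow-recursion   { lanClients; };
    allow-query-cache { lanClients; };
    notify no;

    // Each view has its own hint zone; if this file is missing or the
    // server cannot reach the roots (or configured forwarders) from here,
    // lookups for zones that exist only in "internet" return SERVFAIL.
    zone "." { type hint; file "named.root"; };

    // Internal copy of the split zone; nothing else is duplicated.
    zone "domain1.tld" { type master; file "intranet/domain1.tld"; };
};

view "internet" {
    match-clients { any; };              // everything not matched above
    recursion no;                        // never an open resolver to the WAN
    allow-transfer { secondaries; };

    // Public copy of the split zone plus all remaining public zones,
    // each defined exactly once.
    zone "domain1.tld" { type master; file "internet/domain1.tld"; };
    include "master.zones";
};
```

Validate with `named-checkconf -z`, then query from a LAN address and from a WAN address: the LAN answer for domain2.tld should carry the `ra` flag, and a WAN query for a name the "internet" view is not authoritative for should be refused rather than resolved.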

© Server Fault or respective owner
