The master selects the view for refresh queries and zone transfer requests the same way -- match-clients, match-destinations -- that it selects the view for ordinary queries.
If you don't want to mess around with multi-homed addresses on your master and/or your slaves (e.g. transfer-source), you may need to implement view-selection via TSIG key, which is probably a good thing to do anyway, from a security standpoint. - Kevin Petersen, Kirsten J - NET wrote: > I may already know the answer to this, but I'm looking for some > confirmation. Is it not possible to do bind views via a slave server? > In other words, does AXFR just transfer the view that the slave can see > and nothing more? > > We have an in-house application that we use to build our dns configs. > I'd like to be able to build to a master server and then have the slaves > do AXFR to get updates from it. The alternative is to push new zone > files out to the name servers directly and do reloads all the time, > which seems more dangerous. In the first scenario, if we do something > that causes named on the master to fail to start, at least the slaves > will still be answering queries. > > However, we were also hoping to implement views so that we can hide dns > for our private address space from the world. But I'm thinking now that > I can't do both of these things. > > Suggestions welcome. :) > > ________________ > Kirsten Petersen > Network Services * Oregon State University > http://oregonstate.edu/net * irc.oregonstate.edu #osu-is > "Paper doesn't grow on trees." > > > > > >
