Alan Clegg wrote:
...
Given choices, I think I'm in agreement with you: I'd chose to not do
views.
Based on the posts here, the OP is going to do views. The best thing to
do is provide the best method of replicating those views to the machines
that are providing slave services without using external applications.
If it were me and I had no other choice than to use views, I'd get into
the system and re-wire everything using BIND 9.7.2 and write a set of
scripts that used "rndc addzone" and "rndc delzone" to control the
master and all of the slaves, configure TSIG keys to manage zone
transfers between hosts, etc.
Cheers!
and Happy New Year!
May 2011 be the best one before we all perish in the fires of whatever
is going to happen in 2012! :)
AlanC
Much thanks! I will look into the TSIG key method for view transfers,
and see if the very conservative (but that I am stuck with) CentOS BIND
version supports it.
Cheers!
Gary
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Found it in a Mark Andrews post:
http://www.mail-archive.com/bind-users@lists.isc.org/msg03593.html
Main snippet:
"The general and robust solution is:
acl allviewkeys { key A; key B; key C; key D; };
match-clients { key A; !allviewkeys; subnet A; }
match-clients { key B; !allviewkeys; subnet B; }
match-clients { key C; !allviewkeys; subnet C; }
match-clients { key D; !allviewkeys; subnet D; }
This is easily expandable to many views without having to touch
each view when a new view is added. The order of the match-clients
acl is important."
Cheers!
Gary
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
