On Apr 9, 2014, at 4:14 AM, Steven Carr wrote:
However, assuming you are using views on the same IP address and not
splitting it across internal/external servers as that would screw up
NS records), you can reuse the same zone file so those zones that
appear in both internal and external views refer back to the same zone
file, then when you update that zone file both views are updated.
My understanding has been that two views that are masters for
a zone can safely share a zone file if the zone isn't dynamic (e.g.
dnsupdate, dnssec auto signing, etc), but that two views of
a slave zone shouldn't do that: you could have two
different views independently rewriting the same file, a bad thing even
if the files are known to be identical. Furthermore, allowing that
could
conceivably show no problems very much of the time, masking the actual
risk.
If I'm wrong, that would be a good thing to know.
John Wobus
Cornell U
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
