Re: view problem

Sten Carlsen Tue, 18 Oct 2016 02:09:08 -0700

Please be aware that only one view is visible for any client. You have acl1 in 
both views indicating that you assume a host in acl1 can get info from both 
views - this is not possible. The list is searched from the top of the file and 
the first match, only the first,  will be the DNS service available to the 
client.


-- Best regards
Sten Carlsen
No improvements come from shouting:
"MALE BOVINE MANURE!!!"



-- Best regards
Sten Carlsen
No improvements come from shouting:
"MALE BOVINE MANURE!!!"


-- Best regards
Sten Carlsen
No improvements come from shouting:
"MALE BOVINE MANURE!!!"
> On 18 Oct 2016, at 10.28, RAM MOHAN, Hari Ganesh <hari.rammo...@atos.net> 
> wrote:
> 
> View concept works in order, as you have internal_lan view first, acl1 users 
> are falling to this view and not able to find vpn_zone.
> 
> You may try swapping order,
> 
> // vpn
> view "vpn" {
>         match-clients { acl1; };
> 
>         zone "vpn_zone" {
>                 type master;
>                 file "/etc/bind/zones/vpn.db";
>         };
> 
> };
> 
> // zone1
> view "internal_lan" {
>         match-clients { acl1; acl2; };
>         include "/etc/bind/named.conf.default-zones";
> 
>         zone "zone1" {
>                 type master;
>                 file "/etc/bind/zones/zone1.db";
>         };
> 
> Thanks & Regards,
> 
> Hari Ganesh Ram Mohan
> 
> 
> -----Original Message-----
> From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Pol 
> Hallen
> Sent: Tuesday, October 18, 2016 1:21 PM
> To: bind-users@lists.isc.org
> Subject: view problem
> 
> Hi all :-)
> 
> I've two zones: zone1 is an internal zone and another zone: vpn.
> 
> I need that acl1 can "see" internal vpn zone, the problem is that acl1 "see" 
> vpn zone as external zone because this zone is a FQDN, while should see vpn 
> as vpn.db.
> 
> 192.168.1.0/24 are clients with also openvpn clients, while
> 192.168.2.0/24 are not vpn clients.
> 
> sorry but I can't simplify :-/
> 
> acl1 {192.168.1.0/24; };
> acl2 {192.168.2.0/24; };
> 
> // zone1
> view "internal_lan" {
>         match-clients { acl1; acl2; };
>         include "/etc/bind/named.conf.default-zones";
> 
>         zone "zone1" {
>                 type master;
>                 file "/etc/bind/zones/zone1.db";
>         };
> 
> // vpn
> view "vpn" {
>         match-clients { acl1; };
> 
>         zone "vpn_zone" {
>                 type master;
>                 file "/etc/bind/zones/vpn.db";
>         };
> 
> };
> 
> 
> Pol
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: view problem

Reply via email to