I've already posted a solution for this. Basically, "Define root zone.
Delegate teamviewer.com from root zone. Define teamviewer.com as 'type
forward'".

"Recursion yes" is implied. No views necessary. It doesn't make any sense
anyway, to have the same match-clients list for all of one's views, since
the first one matched is the one that's used.

Did you not see my response, or did you perhaps dislike the approach I
suggested?

There was some subsequent discussion about not relying on DNS resolution as
one's *only* control over what sites one's clients can or cannot access.
While I agree with that, my position is that there's nothing wrong with
controlling DNS resolution, in addition to other controls.

                                              - Kevin

On Mon, Feb 18, 2019 at 10:44 AM Roberto Carna <robertocarn...@gmail.com>
wrote:

> Dear, I've implemented two views, one for local resolution and the other
> to forward a public zone to our resolver.
>
> But now I have a problem:
>
> If I define the same clients for the local zone view and the forward view,
> depending on the order of the views the client can or cannot resolve the
> query. In this case client 10.12.1.1 will match view INT and not view EXT:
>
> acl internal { 10.12.1.1; };
> acl external { 10.12.1.1; };
>
> view "INT" {
> match-clients { internal; };
> recursion no;
> zone "company.com" {
> type master;
> file "/etc/bind/zones/company.com.db";
> };
> };
>
> view "EXT" {
> match-clients { external; };
> recursion yes;
> zone "teamviewer.com" {
> type forward;
> forward only;
> forwarders {
> 172.18.1.1;
> };
> };
> };
>
> If I define just one view with local and forward zones, I have to define
> "recursion yes" because the forward zone needs this option, but in this case
> a query for a local zone is trying to be resolved against ROOT Servers and
> finally against the master zone, but it takes some seconds:
>
> acl unique { 10.12.1.1; };
>
> view "INT-EXT" {
> match-clients { unique; };
> recursion yes;
> zone "company.com" {
> type master;
> file "/etc/bind/zones/company.com.db";
> };
> zone "teamviewer.com" {
> type forward;
> forward only;
> forwarders {
> 172.18.1.1;
> };
> };
> };
>
> How can I define the same clients so that they try resolving with the first
> view and, if there is no response, they try with the second view?
>
> Or is there any other way to do what I want?
>
> Regards
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
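A named.conf sketch of the layout described in the reply above (local root zone, teamviewer.com delegated from it, teamviewer.com defined as "type forward"), added here as an illustration and not taken from the thread. The root zone file path, the name ns.root.internal., the address 192.0.2.53, the ACL name and the DNSSEC setting are assumptions; the client, forwarder and company.com file path are the ones in the quoted message.

```conf
// Added example, not configuration posted in the thread. No views are used.
acl clients { 10.12.1.1; };            // client from the quoted message

options {
    directory "/etc/bind";
    recursion yes;                      // needed for the forward zone to be used
    allow-query     { clients; };
    allow-recursion { clients; };
    // Assumption: the private root below is unsigned, so validation against
    // the public root trust anchor is turned off for this resolver.
    dnssec-validation no;
};

// Private root zone. The server is authoritative for ".", so a name that is
// not delegated in this file is answered locally (NXDOMAIN) and is never
// chased through the Internet root servers.
zone "." {
    type master;
    file "/etc/bind/zones/root.db";     // hypothetical path
};

// Local zone: answered from local data, most specific zone wins over ".".
zone "company.com" {
    type master;
    file "/etc/bind/zones/company.com.db";
};

// The delegation in root.db makes a teamviewer.com lookup a referral, which
// needs recursion; the forward zone then sends it to the forwarder only.
zone "teamviewer.com" {
    type forward;
    forward only;
    forwarders { 172.18.1.1; };
};

// Contents of /etc/bind/zones/root.db (constructed; names and address are
// placeholders, replace 192.0.2.53 with this server's own address):
//
//   $TTL 3600
//   .                  IN SOA ns.root.internal. hostmaster.company.com. (
//                             1 3600 900 604800 3600 )
//   .                  IN NS  ns.root.internal.
//   ns.root.internal.  IN A   192.0.2.53
//   teamviewer.com.    IN NS  ns.root.internal.  ; target unused, forward only
```

Checking the result with named-checkconf and named-checkzone before reloading catches brace and zone-file errors such as the unclosed view blocks in the quoted configuration.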