I've already posted a solution for this. Basically, "Define root zone. Delegate teamviewer.com from root zone. Define teamviewer.com as 'type forward'".
"Recursion yes" is implied. No views necessary. It doesn't make any sense anyway, to have the same match-clients list for all of one's views, since the first one matched is the one that's used. Did you not see my response, or did you perhaps dislike the approach I suggested? There was some subsequent discussion about not relying on DNS resolution as one's *only* control over what sites one's clients can or cannot access. While I agree with that, my position is that there's nothing wrong with controlling DNS resolution, in addition to other controls. - Kevin On Mon, Feb 18, 2019 at 10:44 AM Roberto Carna <robertocarn...@gmail.com> wrote: > Dear I've implemented two views, one for local resolution and the other > for forward a public zone to our resolver. > > But now I have a problem: > > If I define the same clients for the local zone view and forward view, > depending on the order of the views the client can resolve or not the > query. In this case client 10.12.1.1 will match view INT and not view EXT: > > acl internal { 10.12.1. <https://10.12.1.4>1; }; > acl external { 10.12.1.1; }; > > view "INT" { > match-clients { internal; }; > recursion no; > zone "company.com" { > type master; > file "/etc/bind/zones/company.com.db"; > }; > > view "EXT" { > match-clients { external; }; > recursion yes; > zone "teamviewer.com" { > type forward; > forward only; > forwarders { > 172.1 <https://172.17.10.25>8.1.1; > }; > }; > > If I define just one view with local and forward zones, I have to define > "recursion yes" because the forward zone need this option, but in this case > a query for a local zone is trying to be resolved against ROOT Servers and > finally against master zone but it takes some seconds: > > acl unique { 10.12.1. <https://10.12.1.4/>1; }; > > view "INT-EXT" { > match-clients { unique; }; > recursion yes; > zone "company.com" { > type master; > file "/etc/bind/zones/company.com.db"; > }; > zone "teamviewer.com" { > type forward; > forward only; > forwarders { > 172.1 <https://172.17.10.25/>8.1.1; > }; > }; > > How can I define same clients to try resolving first view and -if there is > no response- they try with second view ??? > > Or is there any other way to do what I want? > > Regards > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users >
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users