Follow up on the Split DNS...

Was easier than I thought.  There is no need to alias an IP.  Some of the
confusion comes from the different BIND versions.  9.x and higher has this
'view' feature.  There are also descriptions on how to do this pre 9...
that might confuse you.  I found a page
(http://sysadmin.oreilly.com/lpt/a/2152) which described 'Views in BIND 9'
for me (by Cricket Liu from DNS and BIND fame).  The view defines what IPs
see which view through the match-clients option.  See an example of what I
ended up with for an /etc/named.conf file below.  I defined an "internal"
view and an "external" view.  On the internal view I have the standard
domains defined plus two fictitious domains that might be registered.  In
the external view, only the two registered domains are listed.  You can
see that there are directories defined for the internal and the external
files.  The files in the internal directory will have internal addresses
(in this case 10.123.1.x) in the zone file... the external directory will
have external addresses (public addresses) in the zone files.



## named.conf - configuration for bind
#
# Generated automatically by bindconf, alchemist et al.
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

include "/etc/rndc.key";

acl "internalacl" {
        10.123.1/24;
};
options {
        directory "/var/named/";
        pid-file "/var/run/named/named.pid";
        allow-recursion { "internalacl"; };
};

view "internal" {

        match-clients { localnets; };
        recursion yes;

        zone  "." {
                type hint;
                file  "internal/named.ca";
        };


        zone  "0.0.127.in-addr.arpa" {
                type master;
                file  "internal/0.0.127.in-addr.arpa.zone";
        };

        zone  "1.123.10.in-addr.arpa" {
                type master;
                file  "internal/1.123.10.in-addr.arpa.zone";
        };


        zone  "localhost" {
                type master;
                file  "internal/localhost.zone";
        };

        zone  "yourdomainhere.com" {
                type master;
                file  "internal/yourdomainhere.com.zone";
        };

        zone  "anotherdomain.com" {
                type master;
                file  "internal/anotherdomain.com.zone";
        };
};

view "external" {

        match-clients { any; };
        recursion no;

        zone  "yourdomainhere.com" {
                type master;
                file  "external/yourdomainhere.com.zone";
                allow-transfer { any; };
        };

        zone  "anotherdomain.com" {
                type master;
                file  "external/anotherdomain.com.zone";
                allow-transfer { any; };
        };
};

Attachment: smime.p7s
Description: S/MIME cryptographic signature
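
Added example, not part of the original message: a small Python check that models how named picks a view for a client (first matching view in file order) and lists zones that any client may transfer. The function names, the sample client addresses and the expansion of "localnets" are assumptions made for this sketch.

```python
import ipaddress
import re

# Assumption: the server's interfaces are loopback and 10.123.1.0/24, so that is
# what "localnets" covers. CONF is a constructed, trimmed copy of the two views.
LOCALNETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.123.1.0/24")]
CONF = '''
view "internal" {
        match-clients { localnets; };
        zone "yourdomainhere.com" { type master; file "internal/yourdomainhere.com.zone"; };
};
view "external" {
        match-clients { any; };
        zone "yourdomainhere.com" { type master; allow-transfer { any; }; };
};
'''

def body(text, i):  # text inside the brace block that opens at index i
    depth = 0
    for j in range(i, len(text)):
        depth += {"{": 1, "}": -1}.get(text[j], 0)
        if depth == 0:
            return text[i + 1:j]
    raise ValueError("unbalanced braces")

def parse_views(conf):
    """Yield (view, match_clients, zones with open transfer) in file order."""
    for v in re.finditer(r'view\s+"([^"]+)"\s*\{', conf):
        vb = body(conf, v.end() - 1)
        mc = re.search(r'match-clients\s*\{([^}]*)\}', vb)
        acl = [e.strip() for e in mc.group(1).split(";") if e.strip()] if mc else ["any"]
        zones = [z.group(1) for z in re.finditer(r'zone\s+"([^"]+)"\s*\{', vb)
                 if re.search(r'allow-transfer\s*\{\s*any\s*;', body(vb, z.end() - 1))]
        yield v.group(1), acl, zones

def matches(client, element):  # only "any", "localnets" and plain prefixes
    if element == "any":
        return True
    nets = LOCALNETS if element == "localnets" else [ipaddress.ip_network(element, strict=False)]
    return any(client in n for n in nets)

def select_view(views, ip):  # the first view in file order that matches wins
    client = ipaddress.ip_address(ip)
    return next((n for n, acl, _ in views if any(matches(client, e) for e in acl)), None)

if __name__ == "__main__":
    views = list(parse_views(CONF))
    print({ip: select_view(views, ip) for ip in ("10.123.1.25", "203.0.113.9")})
    print("open transfers:", {n: z for n, _, z in views if z})
```

Reversing the view order sends internal clients to the "external" view, because its "any" matches first; the catch-all view has to stay last.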
