Ted, I got your post.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ted Kat.
Sent: Monday, February 23, 2004 6:35 PM
To: [EMAIL PROTECTED]
Subject: RE: [sclug-generallist] Split DNS

Did my post not get through?

--- Catalyst Mail <[EMAIL PROTECTED]> wrote:
> Follow up on the Split DNS...
>
> Was easier than I thought. There is no need to alias an IP. Some of the
> confusion comes from the different BIND versions. 9.x and higher has this
> 'view' feature. There are also descriptions on how to do this pre 9...
> that might confuse you. I found a page
> (http://sysadmin.oreilly.com/lpt/a/2152) which described 'Views in BIND 9'
> for me (by Cricket Liu from DNS and BIND fame). The view defines what IPs
> see which view through the match-clients option. See an example of what I
> ended up with for an /etc/named.conf file below. I defined an "internal"
> view and an "external" view. On the internal view I have the standard
> domains defined plus two fictitious domains that might be registered. In
> the external view, only the two registered domains are listed. You can
> see that there are directories defined for the internal and the external
> files. The files in the internal directory will have internal addresses
> (in this case 10.123.1.x) in the zone file... the external directory will
> have external addresses (public addresses) in the zone files.
>
> ## named.conf - configuration for bind
> #
> # Generated automatically by bindconf, alchemist et al.
> controls {
>         inet 127.0.0.1 allow { localhost; } keys { rndckey; };
> };
>
> include "/etc/rndc.key";
>
> acl "internalacl" {
>         10.123.1/24;
> };
> options {
>         directory "/var/named/";
>         pid-file "/var/run/named/named.pid";
>         allow-recursion { "internalacl"; };
> };
>
> # Views are tried in the order listed, so "internal" comes first.
> view "internal" {
>
>         match-clients { localnets; };
>         recursion yes;
>
>         zone "." {
>                 type hint;
>                 file "internal/named.ca";
>         };
>
>         zone "0.0.127.in-addr.arpa" {
>                 type master;
>                 file "internal/0.0.127.in-addr.arpa.zone";
>         };
>
>         zone "1.123.10.in-addr.arpa" {
>                 type master;
>                 file "internal/1.123.10.in-addr.arpa.zone";
>         };
>
>         zone "localhost" {
>                 type master;
>                 file "internal/localhost.zone";
>         };
>
>         zone "yourdomainhere.com" {
>                 type master;
>                 file "internal/yourdomainhere.com.zone";
>         };
>
>         zone "anotherdomain.com" {
>                 type master;
>                 file "internal/anotherdomain.com.zone";
>         };
> };
>
> # Everyone not matched by "internal" falls through to this view.
> view "external" {
>
>         match-clients { any; };
>         recursion no;
>
>         zone "yourdomainhere.com" {
>                 type master;
>                 file "external/yourdomainhere.com.zone";
>                 allow-transfer { any; };
>         };
>
>         zone "anotherdomain.com" {
>                 type master;
>                 file "external/anotherdomain.com.zone";
>                 allow-transfer { any; };
>         };
> };

=====
Ted Katseres
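
Added example, not part of the original thread or of BIND itself: a small Python model of how named picks a view for a client (the first view whose match-clients matches), which also reports views that carry `allow-transfer { any; }`, a setting that lets any host request the full zone. It assumes IPv4 only, that `localnets` resolves to the 10.123.1/24 LAN, and uses constructed client addresses; `networks`, `parse_views` and `select_view` are hypothetical helper names.

```python
import ipaddress
import re
# Constructed sample: the two views from the post, trimmed to one zone each.
CONF = '''
view "internal" {
    match-clients { localnets; };
    zone "yourdomainhere.com" { type master; file "internal/yourdomainhere.com.zone"; };
};
view "external" {
    match-clients { any; };
    zone "yourdomainhere.com" { type master; file "external/yourdomainhere.com.zone";
        allow-transfer { any; }; };
};
'''
# Assumption: "localnets" (the server's attached networks) is the 10.123.1/24 LAN.
ACLS = {"any": ["0.0.0.0/0"], "localnets": ["10.123.1/24"]}

def networks(elem):
    """Expand an ACL name or a BIND short-form IPv4 prefix into ip_network objects."""
    if elem in ACLS:
        return [n for e in ACLS[elem] for n in networks(e)]
    addr, _, plen = elem.partition("/")
    addr = ".".join((addr.split(".") + ["0"] * 3)[:4])   # 10.123.1 -> 10.123.1.0
    return [ipaddress.ip_network(f"{addr}/{plen or 32}")]

def parse_views(conf):
    """Return (name, match_clients, open_transfer) for each view, in file order."""
    views = []
    for chunk in re.split(r'\bview\s+"', conf)[1:]:
        name = chunk.split('"', 1)[0]
        raw = re.search(r"match-clients\s*\{([^}]*)\}", chunk).group(1)
        clients = [c.strip().strip('"') for c in raw.split(";") if c.strip()]
        open_xfer = bool(re.search(r"allow-transfer\s*\{\s*any\s*;", chunk))
        views.append((name, clients, open_xfer))
    return views

def select_view(client, views):
    """Model named's rule: answer from the first view whose match-clients matches."""
    ip = ipaddress.ip_address(client)
    for name, clients, _ in views:
        if any(ip in net for elem in clients for net in networks(elem)):
            return name
    return None

if __name__ == "__main__":
    views = parse_views(CONF)
    for src in ("10.123.1.50", "203.0.113.9"):   # constructed client addresses
        print(src, "->", select_view(src, views), "| reversed:", select_view(src, views[::-1]))
    print("views with allow-transfer { any; }:", [v[0] for v in views if v[2]])
```

With the views reversed, the LAN client lands in "external" because `any` matches first, which is why the internal view has to be listed before the catch-all.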
