no. of Views and Zones
Hello Everyone, Have 2 questions, is there any limitation (beside hardware) on number of views? I mean creating a view/customer? And is there any limitation for number of zones/view? Thanks in advance. Alans ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: no. of Views and Zones
Alans, Have 2 questions, is there any limitation (beside hardware) on number of views? I mean creating a view/customer? And is there any limitation for number of zones/view? You cannot use views to group zones for customers. I have recently on this list proposed an extension to the view concept to be able to do this, but nobody has commented on this proposal. Views are primarily used for cases, when IP-adresses are different e.g. internal addresses versus external addresses depending on the client IP address looking up the zone data. - Jørgen Thomsen ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: no. of Views and Zones
Pardon a n00b question, but wouldn't that be the case if you used a number of different IPV6 addresses? Bèrto On 31 October 2010 14:04, J. Thomsen l...@jth.net wrote: Alans, Have 2 questions, is there any limitation (beside hardware) on number of views? I mean creating a view/customer? And is there any limitation for number of zones/view? You cannot use views to group zones for customers. I have recently on this list proposed an extension to the view concept to be able to do this, but nobody has commented on this proposal. Views are primarily used for cases, when IP-adresses are different e.g. internal addresses versus external addresses depending on the client IP address looking up the zone data. - Jørgen Thomsen ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- == Constitution du 24 juin 1793 - Article 35. - Quand le gouvernement viole les droits du peuple, l'insurrection est, pour le peuple et pour chaque portion du peuple, le plus sacré des droits et le plus indispensable des devoirs. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: no. of Views and Zones
On 10/31/2010 4:48 AM, Alans wrote: Have 2 questions, is there any limitation (beside hardware) on number of views? I mean creating a view/customer? And is there any limitation for number of zones/view? Instead of saying how many views can I get, I think you would be much better off saying why am I trying to implement more views. Can you perhaps explain your need to fragment the DNS namespace (which was NOT supposed to be done)? AlanC signature.asc Description: OpenPGP digital signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: no. of Views and Zones
Alan Clegg, Can you perhaps explain your need to fragment the DNS namespace (which was NOT supposed to be done)? I cannot speak for Alans, but only for our own needs. We run DNSes for a number of customers i.e. everybody in the whole world should see the same zone data. No different views of the same zones here. Currently this is implemented by external tools maintaining include files. Recently an rndc addzone/delzone feature has been introduced. It is maintaining views and include files and making instant updates. What I am proposing is a simple generalization of this concept, so that a view can be used as a group thus eliminating the need for external tools. Conceptually this is very simple. Just make BIND search for a zone in all views matching the client until it finds it instead of only searching the first matching view as it does today. It is even backward compatible for current correct configuration of views. mvh Jørgen ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: no. of Views and Zones
On 10/31/2010 05:48 PM, Alan Clegg wrote: On 10/31/2010 4:48 AM, Alans wrote: Instead of saying how many views can I get, I think you would be much better off saying why am I trying to implement more views. I'm trying to implement something similar to OpenDNS in a smaller scale. i.e. letting each customer to create their own blacklist domains. So I was thinking if I can create a view for each customer and let them edit their zones in a web interface and here my concern is the number of views i can create and number of zones/view. I'd like to hear if there are other ways to do this. P.S. I read the specs for DNS RPZ but I can't find enough docs about it to try it. Can you perhaps explain your need to fragment the DNS namespace (which was NOT supposed to be done)? AlanC ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Unknown option 'managed-keys' - why?
Hi. Excuse my English. And sorry if it's an stupid question. I'm trying to configure DNSSEC in my server. And after trying using Fedora 7 and CentOS 5, I'm still getting the error message unknown option 'managed-keys'. I've checked in 'man named.conf' and I couldn't found the option. But despite that I think I'm doing something really stupid, but I can't find what. And, yes, I put that option into named.conf file, just below options block: options { # some options here }; managed-keys { # my key }; ... []s Alexander Brazil ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Unknown option 'managed-keys' - why?
Date: Sun, 31 Oct 2010 19:21:55 -0200 From: alexan...@nautae.eti.br Sender: bind-users-bounces+oberman=es@lists.isc.org Hi. Excuse my English. And sorry if it's an stupid question. I'm trying to configure DNSSEC in my server. And after trying using Fedora 7 and CentOS 5, I'm still getting the error message unknown option 'managed-keys'. I've checked in 'man named.conf' and I couldn't found the option. But despite that I think I'm doing something really stupid, but I can't find what. And, yes, I put that option into named.conf file, just below options block: options { # some options here }; managed-keys { # my key }; ... []s What version of BIND in included in your Fedora? Last I looked, the version was ancient. 9.3 or something similar. You really need to update to 9.7.2-P2 as 9.7 is the first (and only) version to support managed-keys. 9.3 does not really support dnssec at all, if that is what you have. Useful DNSSEC shoed up somewhere in 9.6 and rally became usable in 9.7. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: ober...@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users