[Gllug] bind configuration

Alain Williams addw at phcomp.co.uk
Tue Mar 14 09:25:08 UTC 2006


Summary: I want a slighly different internal view for my main server.
I have done it, but would like a neater way.

Motivation:
Setting up a new machine for a customer, it wanted to reach the time servers
0.pool.ntp.org, etc, [**] - but my firewall stopped it. I thought that rather
than allow it out, my main server will act as a time server for internal machines,
I'll get it to use that. Hmmm, don't want to configure a customer machine to
know about my internal server -- so I set up my internal DNS view to be a master
for pool.ntp.org; however my main server needs to see the real pool.ntp.org.

The only way that I could see to do this was with another internal DNS view (bind9).

What I have is an external view : essentially my domain as seen by machines that are
nothing to do with me.

The internal is my domain as viewed by internal machines (so the extra ones that I
don't want the world to see) + internal reverse DNS + it does lookups for internal
machines, etc.

It was to the internal view that I added the master for pool.ntp.org, but I
excluded my main server (localhost + it's address) from seeing it with match-clients
and allow-query. I have a new internal view that is just for my main server
that knows nothing about pool.ntp.org.

The 2 internal views are the same except for pool.ntp.org (some 11 zones).
I would like to come back to 1 internal view with some kind of condition as to
what it shows up for pool.ntp.org -- partly for ease of maintainance, partly
for the aesthetics of keeping it neat and simple.


Any idea how I might do this ?

You can't have a view within a view - I tried that.



[**] before you say, yes I am updating it to use 0.uk.pool.ntp.org, etc.

-- 
Alain Williams
Parliament Hill Computers Ltd.
Linux Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256  http://www.phcomp.co.uk/

#include <std_disclaimer.h>
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list