Sunday, January 23, 2011

BIND split-view DNS config problem

We have two DNS servers: one external server controlled by our ISP and one internal server controlled by us. I'd like internal requests for foo.example.com to map to 192.168.100.5 and external requests continue to map to 1.2.3.4, so I'm trying to configure a view in bind. Unfortunately, bind fails when I attempt to reload the configuration. I'm sure I'm missing something simple, but I can't figure out what it is.

options {
        directory "/var/cache/bind";
        forwarders {
         8.8.8.8;
         8.8.4.4;
        };
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};
zone "." {
        type hint;
        file "/etc/bind/db.root";
};
zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};
view "internal" {
      zone "example.com" {
              type master;
              notify no;
              file "/etc/bind/db.example.com";
      };
};
zone "example.corp" {
        type master;
        file "/etc/bind/db.example.corp";
};
zone "100.168.192.in-addr.arpa" {
        type master;
        notify no;
        file "/etc/bind/db.192";
};

I have excluded the entries in the view for allow-recursion and recursion in an attempt to simplify the configuration. If I remove the view and just load the example.com zone directly, it works fine.

Any advice on what I might be missing?

  • First, check your logs, but I think you forgot

    acl "lan_hosts" {
        192.168.0.0/24;             # network address of your local LAN
        127.0.0.1;              # allow loop back
    };
    view "internal" {
            match-clients { lan_hosts; };
    [...]
    };
    
    organicveggie : Actually, match-clients is not required. From http://www.zytrax.com/books/dns/ch7/view.html, "If either or both of match-clients and match-destinations are missing they default to any (all hosts match)."
    From Dom
  • Post what named said.

    organicveggie : Huh. Didn't know about "named-checkconf" until now:

        # named-checkconf
        /etc/bind/named.conf:12: when using 'view' statements, all zones must be in views
    From urmum
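The named-checkconf message above is the whole story: once a named.conf contains any view statement, BIND refuses every zone that is still declared at the top level, so the root hint zone, localhost, the reverse zones and example.corp all have to move inside a view too. The script below is an added example (not code from the thread or from ISC) that re-implements that one rule over a small named.conf parser, runs it against a shortened copy of the failing configuration from the question, and then against a constructed corrected configuration where every zone sits inside a view. The "lan_hosts" prefix 192.168.100.0/24, the "external" view and the file name /etc/bind/db.example.com.external are assumptions; since the page says the ISP's server answers external clients, the "external" view is the usual split-horizon pattern rather than something the question requires.

```python
import re

# Constructed, shortened copy of the failing configuration from the question:
# a view exists, but most zones are still declared at the top level.
BROKEN_CONF = """
options {
        directory "/var/cache/bind";
        forwarders { 8.8.8.8; 8.8.4.4; };
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};
zone "." { type hint; file "/etc/bind/db.root"; };
zone "localhost" { type master; file "/etc/bind/db.local"; };
view "internal" {
      zone "example.com" { type master; notify no; file "/etc/bind/db.example.com"; };
};
zone "example.corp" { type master; file "/etc/bind/db.example.corp"; };
zone "100.168.192.in-addr.arpa" { type master; notify no; file "/etc/bind/db.192"; };
"""

# Constructed corrected configuration: every zone now lives inside a view.
# The acl prefix, the "external" view and db.example.com.external are assumptions.
FIXED_CONF = """
acl "lan_hosts" {
        192.168.100.0/24;    // hypothetical LAN prefix
        127.0.0.1;
};
options {
        directory "/var/cache/bind";
        forwarders { 8.8.8.8; 8.8.4.4; };
        auth-nxdomain no;
        listen-on-v6 { any; };
};
view "internal" {
        match-clients { lan_hosts; };
        recursion yes;
        zone "." { type hint; file "/etc/bind/db.root"; };
        zone "localhost" { type master; file "/etc/bind/db.local"; };
        zone "example.com" { type master; notify no; file "/etc/bind/db.example.com"; };
        zone "example.corp" { type master; file "/etc/bind/db.example.corp"; };
        zone "100.168.192.in-addr.arpa" { type master; notify no; file "/etc/bind/db.192"; };
};
view "external" {
        match-clients { any; };
        recursion no;
        /* hypothetical zone file carrying the public 1.2.3.4 address */
        zone "example.com" { type master; file "/etc/bind/db.example.com.external"; };
};
"""

TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};]+')


def strip_comments(text):
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(#|//).*", "", text)


def parse(tokens, i=0):
    """Parse tokens into (words, body) statements until a closing brace or the end.

    words is the list of bare/quoted words before ';' or '{'; body is the
    nested statement list for block statements, or None for simple ones.
    """
    stmts, words = [], []
    while i < len(tokens):
        tok = tokens[i]
        if tok == "{":
            body, i = parse(tokens, i + 1)
            stmts.append((words, body))
            words = []
        elif tok == "}":
            return stmts, i + 1
        elif tok == ";":
            if words:
                stmts.append((words, None))
            words = []
            i += 1
        else:
            words.append(tok.strip('"'))
            i += 1
    return stmts, i


def top_level(conf):
    stmts, _ = parse(TOKEN.findall(strip_comments(conf)))
    return stmts


def zones_outside_views(conf):
    """Names of top-level zones that BIND will reject because a view exists."""
    stmts = top_level(conf)
    if not any(words[0] == "view" for words, _ in stmts):
        return []  # no views at all: top-level zones are fine (the asker's working case)
    return [words[1] for words, _ in stmts if words[0] == "zone"]


def zones_by_view(conf):
    """Map each view name to the zone names declared inside it."""
    return {
        words[1]: [z[1] for z, _ in body if z[0] == "zone"]
        for words, body in top_level(conf)
        if words[0] == "view" and body is not None
    }


if __name__ == "__main__":
    for label, conf in (("broken", BROKEN_CONF), ("fixed", FIXED_CONF)):
        bad = zones_outside_views(conf)
        print(f"{label}: zones outside views -> {bad or 'none'}")
        print(f"{label}: zones per view -> {zones_by_view(conf)}")
```

Running it prints the four offending zones for the broken copy and none for the corrected one, which is exactly the condition the real named-checkconf flagged at named.conf:12. The checker is deliberately narrow (it knows nothing about zone file syntax or other BIND options), so treat it as a way to understand the error, and keep named-checkconf as the authority before a reload.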
