LinuxQuestions.org


unkn0wn 07-19-2006 01:16 AM

BInd9 and VIEW
 
I have big problems understanding the view statement. I read the docs but it isn't clear to me :((
I ran apt-get install bind9 dnsutils.
I am running BIND 9.3.
I want to separate my external and internal network.
I created two zone files in /etc/bind.
The first zone file is for external use and I called it
db.garden-external.com, and the second is db.garden-internal.com,
with local IP addresses.

zone file 1 :
Code:

$TTL 14400
@      86400  IN      SOA    ns2.garden.com.      garden.com.    (
                                        2006031501
                                        28800
                                        14400
                                        3600000
                                        86400
                                        )

garden.com.  86400  IN      NS      ns1.garden.com.
garden.com.  86400  IN      NS      ns2.garden.com.

garden.com.  14400  IN      A      62.62.11.101

localhost.garden.com.        14400  IN      A      127.0.0.1


garden.com.  14400  IN      MX      10      ns1.garden.com.

ftp    14400  IN      A      62.62.11.101
mail    14400  IN      A      62.62.11.100
www    14400  IN      A      62.62.11.101
ns1    14400  IN      A      62.62.11.101
ns2    14400  IN      A      62.62.11.100
web    14400  IN      A      62.62.11.100




zone file 2 :

Code:

$TTL 14400
@      86400  IN      SOA    ns2.garden.com.      garden.com.    (
                                        2006031522
                                        28800
                                        14400
                                        3600000
                                        86400
                                        )

garden.com.  86400  IN      NS      ns1.garden.com.
garden.com.  86400  IN      NS      ns2.garden.com.

garden.com.  14400  IN      A      192.168.1.2

localhost.garden.com.        14400  IN      A      127.0.0.1


garden.com.  14400  IN      MX      10      ns1.garden.com.

ftp    14400  IN      A      192.168.1.2
mail    14400  IN      A      192.168.1.1
www    14400  IN      A      192.168.1.2
ns1    14400  IN      A      192.168.1.1
ns2    14400  IN      A      192.168.1.2
web    14400  IN      A      192.168.1.2

Is this OK?
Now I must edit named.conf with VIEW but I don't know how.
I don't know where to put the view statement... I don't have a clue.
I tried with:

Code:

zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};

view "trusted" {
 match-clients { 192.168.23.0/24; };
  recursion yes;
  zone "garden.com" {
  type master;
  file "/etc/bind/db.garden-int.com";
  };
 };
view "badguys" {
 match-clients {"any"; };
 recursion no;
 };
 zone "garden.com" {
  type master;
  file "/etc/bind/db.garden-ext.com";
  };
 };




include "/etc/bind/named.conf.local";

But it says that all zones must be in a view.

WHAT!!!

scowles 07-19-2006 07:17 AM

As the error message states - "named.conf:1: when using 'view' statements, all zones must be in views"

In your case, you would need to move the zone "255.in-addr.arpa" within your "trusted" view space.

Code:

view "trusted" {
  match-clients { 192.168.23.0/24; };
  recursion yes;

  zone "garden.com" {
    type master;
    file "/etc/bind/db.garden-int.com";
  };

  zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
  };
};

view "badguys" {
  match-clients {"any"; };
  recursion no;

  zone "garden.com" {
    type master;
    file "/etc/bind/db.garden-ext.com";
  };
};
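
The rule quoted in the answer above, as a small static check (an added example, not part of the thread and not BIND's own code): it reads named.conf text and reports zones left outside views. Going slightly beyond the thread, it also flags a view matching `any` that precedes other views (BIND uses the first view a client matches) or that leaves recursion enabled. The `audit` helper and the sample text are constructed for illustration; `include` files are not followed.

```python
import re

# Constructed sample: the layout from the first post, one zone left outside the views.
SAMPLE = '''
zone "255.in-addr.arpa" { type master; file "/etc/bind/db.255"; };
view "trusted" {
  match-clients { 192.168.23.0/24; }; recursion yes;
  zone "garden.com" { type master; file "/etc/bind/db.garden-int.com"; };
};
view "badguys" {
  match-clients { "any"; }; recursion no;
  zone "garden.com" { type master; file "/etc/bind/db.garden-ext.com"; };
};
'''
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

def audit(conf):
    """Return a list of findings for named.conf text (hypothetical helper)."""
    conf = re.sub(r'/\*.*?\*/|(//|#)[^\n]*', '', conf, flags=re.S)  # drop comments
    tok = TOKEN.findall(conf)
    depth, view, views, loose, i = 0, None, [], [], 0
    while i < len(tok):
        t = tok[i]
        if t == '{':
            depth += 1
        elif t == '}':
            depth -= 1
            view = view if depth else None       # back at top level: view is closed
        elif t == 'view' and depth == 0:
            view = {'name': tok[i + 1].strip('"'), 'clients': [], 'recursion': 'yes'}
            views.append(view)                   # recursion is on in BIND unless disabled
        elif t == 'zone' and depth == 0:
            loose.append(tok[i + 1].strip('"'))  # zone declared outside any view
        elif view and depth == 1 and t == 'recursion':
            view['recursion'] = tok[i + 1]
        elif view and depth == 1 and t == 'match-clients':
            end = tok.index('}', i)              # assumes a flat, un-nested list
            view['clients'] = [x.strip('"') for x in tok[i + 2:end] if x != ';']
            i = end
        i += 1
    out = [f'zone "{z}" is outside any view' for z in loose] if views else []
    for n, v in enumerate(views):
        if 'any' in v['clients'] and n < len(views) - 1:
            out.append(f'view "{v["name"]}" matches any and hides later views')
        if 'any' in v['clients'] and v['recursion'] != 'no':
            out.append(f'view "{v["name"]}" offers recursion to any client')
    return out

if __name__ == '__main__':
    print('\n'.join(audit(SAMPLE)) or 'no findings')
```

On a live system, `named-checkconf` remains the authoritative syntax check; this sketch only shows the view rules discussed here.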


unkn0wn 07-19-2006 08:04 AM

Code:

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";

// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

I have these before my VIEW code. Must I CUT these zones and paste them into the VIEW code block, like this:

Code:

view "trusted" {
  match-clients { 192.168.23.0/24; };
  recursion yes;

  zone "garden.com" {
    type master;
    file "/etc/bind/db.garden-int.com";
  };

  zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
  };

  zone "." {
    type hint;
    file "/etc/bind/db.root";
  };

  zone "localhost" {
    type master;
    file "/etc/bind/db.local";
  };

  zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
  };

};

view "badguys" {
  match-clients {"any"; };
  recursion no;

  zone "garden.com" {
    type master;
    file "/etc/bind/db.garden-ext.com";
  };
};


