BInd9 and VIEW

unkn0wn · 07-19-2006, 01:16 AM

I have big problems with understanding view statment. i read docs but it isnt clear for me

(
I apt-get install bind9 dnsutils.
I am running bind 9.3
I want to separate my external and internal network.
I create two zones files in /etc/bind.
First zone file is for external use and i called him
db.garden-external.com and second db.garden-internal.com
with local ip adreses.

zone file 1 :

Code:

TTL 14400
@       86400   IN      SOA     ns2.garden.com.      garden.com.    (
                                        2006031501
                                        28800
                                        14400
                                        3600000
                                        86400
                                        )

garden.com.  86400   IN      NS      ns1.garden.com.
garden.com.  86400   IN      NS      ns2.garden.com.

garden.com.  14400   IN      A       62.62.11.101

localhost.garden.com.        14400   IN      A       127.0.0.1


garden.com.  14400   IN      MX      10       ns1.garden.com.

ftp     14400   IN      A       62.62.11.101
mail    14400   IN      A       62.62.11.100
www     14400   IN      A       62.62.11.101
ns1     14400   IN      A       62.62.11.101
ns2     14400   IN      A       62.62.11.100
web     14400   IN      A       62.62.11.100

zone file 2 :

Code:

$TTL 14400
@       86400   IN      SOA     ns2.garden.com.      garden.com.    (
                                        2006031522
                                        28800
                                        14400
                                        3600000
                                        86400
                                        )

garden.com.  86400   IN      NS      ns1.garden.com.
garden.com.  86400   IN      NS      ns2.garden.com.

garden.com.  14400   IN      A       192.168.1.2

localhost.garden.com.        14400   IN      A       127.0.0.1


garden.com.  14400   IN      MX      10       ns1.garden.com.

ftp     14400   IN      A       192.168.1.2
mail    14400   IN      A       192.168.1.1
www     14400   IN      A       192.168.1.2
ns1     14400   IN      A       192.168.1.1
ns2     14400   IN      A       192.168.1.2
web     14400   IN      A       192.168.1.2

is this ok?
Now i must edit named.conf with VIEW but i dont know how.
I dont know where to put view statment....i dont have a clue.
I try with

Code:

zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};

view "trusted" {
 match-clients { 192.168.23.0/24; }; 
  recursion yes;
  zone "garden.com" {
   type master;
   file "/etc/bind/db.garden-int.com";
  };
 };
view "badguys" {
 match-clients {"any"; }; 
 recursion no;
 };
 zone "garden.com" {
   type master;
   file "/etc/bind/db.garden-ext.com";
  };
 };




include "/etc/bind/named.conf.local";

But its says that all zones must be in view.

WHAT!!!

scowles · 07-19-2006, 07:17 AM

As the error message states - "named.conf:1: when using 'view' statements, all zones must be in views"

In your case, you would need to move the zone "255.in-addr.arpa" within your "trusted" view space.

Code:

view "trusted" {
  match-clients { 192.168.23.0/24; };
  recursion yes;

  zone "garden.com" {
    type master;
    file "/etc/bind/db.garden-int.com";
  };

  zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
  };
};

view "badguys" {
  match-clients {"any"; };
  recursion no;

  zone "garden.com" {
    type master;
    file "/etc/bind/db.garden-ext.com";
  };
};

unkn0wn · 07-19-2006, 08:04 AM

Code:

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";

// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

I have these before my VIEW code. Must i CUT these zones and paste them in VIEW code block like a :

Code:

view "trusted" {
  match-clients { 192.168.23.0/24; };
  recursion yes;

  zone "garden.com" {
    type master;
    file "/etc/bind/db.garden-int.com";
  };

  zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
  };

zone "." {
        type hint;
        file "/etc/bind/db.root";
};

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

};

view "badguys" {
  match-clients {"any"; };
  recursion no;

  zone "garden.com" {
    type master;
    file "/etc/bind/db.garden-ext.com";
  };
};