12-28-2010, 07:48 AM   #1
frater
bind and views


I have a working caching DNS-server using bind.
This setup has been used for years to respond to queries of our clients.

I want to give a certain IP or set of IPs another answer than the one that is given by the authoritative server. I have studied and experimented some with using different 'views'.
I was able to give that test IP a different one, but at the same time the others were not able to resolve that zone again.

I will use the zone 'smtp.mytoplevel.com' as an example.

This is my config:
Code:
# grep -vE '^(\/\/|$)' named.conf
include "/etc/bind/named.conf.options";
zone "." {
        type hint;
        file "/etc/bind/db.root";
};
zone "local" {
        type master;
        file "/etc/bind/db.local";
};
zone "localhost" {
        type master;
        file "/etc/bind/db.localhost";
};
zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};
include "/etc/bind/named.conf.local";
Normally named.conf.local is empty, but I have this (not working) config.

Code:
view "badboy" {
   match-clients { 80.120.10.111/32; };
   zone "smtp.mytoplevel.com" {
      type master;
      file "/etc/bind/db.smtp.mytoplevel.com.fixed";
   };

}; // end view

zone "smtp.mytoplevel.com" {
  type master;
    file "/etc/bind/db.smtp.mytoplevel.com";
};
Somehow it's not working as expected. I also thought I would be allowed to leave out the default zone declaration, but then I had errors in my log.

Could someone who knows what I want to do and knows how he can do it help me?
 
12-28-2010, 09:05 AM   #2
bathory
Hi,

When using the "view" statement, all zones must be inside views. Meaning that you need to put the rest of the zones in another view. E.g.:
Code:
view "badboy" {
   match-clients { 80.120.10.111/32; };
   zone "smtp.mytoplevel.com" {
      type master;
      file "/etc/bind/db.smtp.mytoplevel.com.fixed";
   };

}; // end view

view "goodboy" {
   match-clients { any; };

   zone "smtp.mytoplevel.com" {
      type master;
      file "/etc/bind/db.smtp.mytoplevel.com";
   };
   zone "." {
      type hint;
      file "/etc/bind/db.root";
   };
   zone "local" {
      type master;
      file "/etc/bind/db.local";
   };
   zone "localhost" {
      type master;
      file "/etc/bind/db.localhost";
   };
   zone "127.in-addr.arpa" {
      type master;
      file "/etc/bind/db.127";
   };
   zone "0.in-addr.arpa" {
      type master;
      file "/etc/bind/db.0";
   };
   zone "255.in-addr.arpa" {
      type master;
      file "/etc/bind/db.255";
   };
}; // end view
Regards
 
12-28-2010, 11:36 AM   #3
frater
Aha,

Thank you, I will try that tomorrow.
I interpreted that message wrong... I thought I had to put all the zones I declared previously also inside the "badboy view".
Your post makes more sense. ;-)

Another question, before I try it.

Is it safe to omit the zone for which I want to have an exception in the "goodboy" view?

I would rather let the authoritative DNS-server deal with that request.
The authoritative DNS-server is under my control too, but I'd rather have the authoritative server authoritative.
I merely want an exception for "badboy".

Cheers

Last edited by frater; 12-28-2010 at 11:43 AM.
 
12-28-2010, 11:57 AM   #4
bathory
Quote:
Is it safe to omit the zone for which I want to have an exception in the "goodboy" view?
But isn't this server the authoritative dns for the specific domain? Because you use "type master" in the zone definition.
If it isn't, sure you can omit it and it will be resolved by the real authoritative dns.

Regards
 
12-28-2010, 06:49 PM   #5
frater
Quote:
Originally Posted by bathory
But isn't this server the authoritative dns for the specific domain? Because you use "type master" in the zone definition.
If it isn't, sure you can omit it and it will be resolved by the real authoritative dns.

Regards
No, it's only a caching-DNS.
When experimenting with the views I had it working for badboy, but it wasn't for the rest. I thought I needed to create a bind-file for the default too.

Will give feedback tomorrow!
 
12-29-2010, 06:56 AM   #6
frater
It's working!
Thanks....
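
Added example, not part of the thread: a small checker for the two view mistakes relevant here, zones left outside any view (the config in post #1) and a catch-all `match-clients { any; }` view placed ahead of a more specific one, which BIND would then never reach because the first matching view wins. It assumes `include` files are already pasted into one string and that `match-clients` lists are flat with no `match-destinations`; the names `parse`, `lint` and the sample strings are constructed for illustration.

```python
import re

TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

def parse(conf):
    """Return (views, loose): ordered [name, match-clients] pairs and zones outside views."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # /* block */ comments
    conf = re.sub(r"(//|#).*", "", conf)                # // and # line comments
    toks = TOKEN.findall(conf)
    views, loose, depth, i = [], [], 0, 0
    while i < len(toks):
        t = toks[i]
        if t == "{":
            depth += 1
        elif t == "}":
            depth -= 1
        elif depth == 0 and t == "view":
            views.append([toks[i + 1].strip('"'), []])
        elif depth == 0 and t == "zone":
            loose.append(toks[i + 1].strip('"'))
        elif depth == 1 and t == "match-clients" and views:
            i += 2                                      # skip 'match-clients' and '{'
            while toks[i] != "}":                       # flat list only, no nested ACLs
                if toks[i] != ";":
                    views[-1][1].append(toks[i])
                i += 1
        i += 1
    return views, loose

def lint(conf):
    """Return a list of (problem, names) tuples; an empty list means both checks pass."""
    views, loose = parse(conf)
    problems = []
    if views and loose:                                 # once views exist, every zone must be in one
        problems.append(("zones-outside-views", loose))
    for n, (_, clients) in enumerate(views[:-1]):
        if "any" in clients:                            # first matching view wins
            problems.append(("unreachable-views", [v[0] for v in views[n + 1:]]))
            break
    return problems

# Constructed samples, shortened from the configs posted in the thread.
BADBOY = 'view "badboy" { match-clients { 80.120.10.111/32; }; zone "smtp.mytoplevel.com" { type master; file "/etc/bind/db.smtp.mytoplevel.com.fixed"; }; };\n'
GOODBOY = 'view "goodboy" { match-clients { any; }; zone "." { type hint; file "/etc/bind/db.root"; }; };\n'
LOOSE = 'zone "smtp.mytoplevel.com" { type master; file "/etc/bind/db.smtp.mytoplevel.com"; };\n'

if __name__ == "__main__":
    for label, conf in (("post #1", BADBOY + LOOSE), ("post #2", BADBOY + GOODBOY), ("swapped", GOODBOY + BADBOY)):
        print(label, lint(conf) or "ok")
```

The ordering problem is syntactically valid configuration, so it shows up only as the "badboy" address receiving the normal answer instead of the override.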
 