Old 28th July 2006, 17:45
tetsuo44 tetsuo44 is offline
Default problem with named.conf.master

I've modified named.conf.master to add support for views.
Problem: when I save the configuration, the zones are duplicated in each view.
So if I create a zone toto.titi.org, it appears twice, in both the external and the internal view. Any idea?

here is the template :
Code:
// ACL used by the options-level allow-transfer below. Only loopback is
// listed, so by default zone transfers are limited to the local host.
acl "xfer" {
        127.0.0.1;
};

// ACL used by the options-level allow-query and by match-clients in the
// "internal-in" view. Only loopback is listed, so as written only local
// clients are matched by that view and get recursion.
acl "trusted" {
        127.0.0.1;
};

// Server-wide defaults. Views and zones that do not set their own
// allow-query / allow-transfer fall back to the values given here.
options {
        pid-file "/var/run/bind/run/named.pid";
        // {BINDDIR} is a template placeholder filled in when the file is generated.
        directory "{BINDDIR}";
        auth-nxdomain no;
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // NOTE(review): keep the directive below commented out unless a
        // firewall really requires it. Pinning outgoing queries to one fixed
        // source port gives up source-port randomisation, which is one of the
        // resolver's defences against cache poisoning.
        // query-source address * port 53;

        // Default transfer policy: only hosts in the "xfer" ACL. The
        // "internal-in" view overrides this with its own allow-transfer.
        allow-transfer {
                xfer;
        };

        // Default query policy: only hosts in the "trusted" ACL. Any zone in
        // the "external-in" view without its own allow-query inherits this.
        allow-query {
                trusted;
        };

};

// View for clients in the "trusted" ACL. It is listed first, so a trusted
// client is matched here before the catch-all "external-in" view is tried.
view "internal-in" in {
	// Our internal (trusted) view. We permit the internal networks
	// to freely access this view. We perform recursion for our
	// internal hosts, and retrieve data from the cache for them.

	match-clients { trusted; };
	recursion yes;
	additional-from-auth yes;
	additional-from-cache yes;
	// Overrides the options-level allow-query for every zone in this view.
	// match-clients already limits who reaches the view, so "any" here
	// effectively means any client in "trusted".
	allow-query {
		any;
	};

	// Overrides the options-level allow-transfer { xfer; }: every client
	// that matches this view may transfer every zone in it.
	// NOTE(review): harmless while "trusted" is loopback only, but if that
	// ACL is widened to a LAN this becomes zone transfer for the whole LAN;
	// consider using the "xfer" ACL here instead.
	allow-transfer {
		any;
	};

	// prime the server with knowledge of the root servers
	zone "." {
		type hint;
		file "db.root";
	};

	// be authoritative for the localhost forward and reverse zones, and for
	// broadcast zones as per RFC 1912

	zone "localhost" {
		type master;
		file "db.local";
	};

	zone "127.in-addr.arpa" {
		type master;
		file "db.127";
	};

	zone "0.in-addr.arpa" {
		type master;
		file "db.0";
	};

	zone "255.in-addr.arpa" {
		type master;
		file "db.255";
	};

        // The three DYNAMIC BLOCK sections below are template markers; the
        // zone stanza between each BEGIN/END pair is a pattern with {ZONE},
        // {DOMAIN} and {MASTERS} placeholders.
        // NOTE(review): the same three block names also appear in the
        // "external-in" view, which matches the reported result that every
        // generated zone shows up in both views; presumably the generator
        // fills each named block wherever it occurs (confirm against the
        // template engine).
        <!-- BEGIN DYNAMIC BLOCK: named_reverse -->
        zone "{ZONE}.in-addr.arpa" {
                type master;
                file "pri.{ZONE}.in-addr.arpa";
        };
        <!-- END DYNAMIC BLOCK: named_reverse -->

        <!-- BEGIN DYNAMIC BLOCK: named -->
        zone "{DOMAIN}" {
                type master;
                file "pri.{DOMAIN}";
                allow-query { any; };
        };
        <!-- END DYNAMIC BLOCK: named -->

        // NOTE(review): the slave stanza in "external-in" uses the same
        // "sec.{DOMAIN}" file name. Two slave zones would then write the same
        // file; later BIND 9 releases refuse a writable zone file shared by
        // two zones, so a per-view file name is safer.
        <!-- BEGIN DYNAMIC BLOCK: named_slave -->
        zone "{DOMAIN}" {
                type slave;
                file "sec.{DOMAIN}";
                masters { {MASTERS}; };
        };
        <!-- END DYNAMIC BLOCK: named_slave -->
};

// Catch-all view for every client that did not match "internal-in".
// Authoritative answers only: recursion and cache-derived data are disabled.
view "external-in" in {
	// Our external (untrusted) view. We permit any client to access
	// portions of this view. We do not perform recursion or cache
	// access for hosts using this view.

	match-clients { any; };
	recursion no;
	additional-from-auth no;
	additional-from-cache no;
	// No allow-query or allow-transfer is set at view level, so zones here
	// fall back to the options-level values ("trusted" and "xfer") unless
	// they set their own. Transfers therefore stay limited to loopback.
	// NOTE(review): only the "named" master stanza below sets
	// allow-query { any; }. The reverse and slave zones inherit
	// allow-query { trusted; } and would refuse the external clients this
	// view is meant to serve; confirm whether that is intended.
	// Link in our zones
	// prime the server with knowledge of the root servers
	zone "." {
		type hint;
		file "db.root";
	};

	// be authoritative for the localhost forward and reverse zones, and for
	// broadcast zones as per RFC 1912
	// NOTE(review): this comment is carried over from the internal view; no
	// localhost or broadcast zones are actually defined in this view.

        // Template markers: same three DYNAMIC BLOCK names as in the
        // "internal-in" view, with the same zone patterns and file names.
        <!-- BEGIN DYNAMIC BLOCK: named_reverse -->
        zone "{ZONE}.in-addr.arpa" {
                type master;
                file "pri.{ZONE}.in-addr.arpa";
        };
        <!-- END DYNAMIC BLOCK: named_reverse -->

        <!-- BEGIN DYNAMIC BLOCK: named -->
        zone "{DOMAIN}" {
                type master;
                file "pri.{DOMAIN}";
                allow-query { any; };
        };
        <!-- END DYNAMIC BLOCK: named -->

        // NOTE(review): shares the "sec.{DOMAIN}" file name with the slave
        // stanza in "internal-in"; two slave zones writing one file is
        // unsafe, so use a distinct file name per view.
        <!-- BEGIN DYNAMIC BLOCK: named_slave -->
        zone "{DOMAIN}" {
                type slave;
                file "sec.{DOMAIN}";
                masters { {MASTERS}; };
        };
        <!-- END DYNAMIC BLOCK: named_slave -->
};

//// MAKE MANUAL ENTRIES BELOW THIS LINE! ////