UPDATE: Bind 9 separate access lists

From: Chris Denneen (sunmanagers@ghostspace.com)
Date: Fri May 07 2004 - 18:47:10 EDT


I found this online but I would like some clarification on a few things:

acl "corpnet" { 10.1/16; };
        
        view "internal" {
                match-clients { "corpnet"; };
                
                zone "foobar.org" {
                        type master;
                        file "internal/map.foobar.org";
                };
                
                zone "internal.foobar.org" {
                        type master;
                        file "internal/map.internal.foobar.org";
                };
        };
        
        view "external" {
                match-clients { any; };
                
                zone "foobar.org" {
                        type master;
                        file "external/map.foobar.org";
                };
                
                zone "internal.foobar.org" {
                        type master;
                        file "internal/map.internal.foobar.org";
                        allow-query { "corpnet"; };
                };
        };

Now how is this efficient to have multiple views?
Can't I just create a view called "external", with match-clients set to "any"
and the zones that I want to restrict to the outside world I put the
"allow-query" statement in?

I know I'm new to ACL rules for bind so please help me understand.
Just doesn't seem efficient if I need to create all zones in each view. (too
much human room for error)

Thanks

Chris

-----Original Message-----
From: Chris Denneen [mailto:sunmanagers@ghostspace.com]
Sent: Friday, May 07, 2004 6:20 PM
To: sunmanagers@sunmanagers.org
Subject: OT: Bind 9 separate access lists

All,

I am sure this is a pretty easy thing to do; I just don't know much about
setting up correct access lists in Bind 9.

Here is what I want to do.

How do I set up named.conf for Bind 9 to handle access control of records and
zones, some of which are internal and some external?

I.e.

I need external records (listed somewhere) to be resolvable to the outside
world.

Then I need another set of PTR and FORWARD zones to only be resolvable to
our internal network.

So therefore

Internal and External can resolve records on:
domain.com.include
ptr.public-network.include

Internal only can resolve:
internal.domain.com.include
10.1.10-in-addr.arpa

Etc.

Please help.

Thanks
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
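
Added example (not part of the original message or of BIND): a small Python model of how the quoted configuration is evaluated, assuming named uses the first view whose match-clients matches the source address and then applies the zone's allow-query. It shows that corpnet clients never reach the "external" view, so the allow-query there ends up refusing every client that does. The client addresses and host names are constructed.

```python
import ipaddress

# Constructed model of the named.conf quoted above; 10.1/16 is 10.1.0.0/16.
ACLS = {"corpnet": ["10.1.0.0/16"], "any": ["0.0.0.0/0", "::/0"]}
# Views in file order: (name, match-clients ACL, {zone: (file, allow-query ACL)}).
# Assumption: a zone with no allow-query (None) accepts any client.
VIEWS = [
    ("internal", "corpnet", {
        "foobar.org": ("internal/map.foobar.org", None),
        "internal.foobar.org": ("internal/map.internal.foobar.org", None),
    }),
    ("external", "any", {
        "foobar.org": ("external/map.foobar.org", None),
        "internal.foobar.org": ("internal/map.internal.foobar.org", "corpnet"),
    }),
]

def in_acl(client, acl):
    return any(ipaddress.ip_address(client) in ipaddress.ip_network(n) for n in ACLS[acl])

def select_view(client):
    """Return the first view whose match-clients ACL matches the client."""
    for name, match_clients, zones in VIEWS:
        if in_acl(client, match_clients):
            return name, zones
    return None, {}

def best_zone(qname, zones):
    """Return the longest configured zone that encloses the query name."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def resolve(client, qname):
    view, zones = select_view(client)
    zone = best_zone(qname, zones)
    if zone is None:
        return view, None, "no zone in this view"
    zone_file, allow_query = zones[zone]
    if allow_query is not None and not in_acl(client, allow_query):
        return view, zone, "REFUSED"
    return view, zone, zone_file

if __name__ == "__main__":
    for c in ("10.1.20.5", "192.0.2.7"):  # constructed client addresses
        for q in ("www.foobar.org", "db.internal.foobar.org"):
            print(c, q, resolve(c, q))
```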