From: Chris Denneen (sunmanagers@ghostspace.com)
Date: Fri May 07 2004 - 18:47:10 EDT
I found this online but I would like some clarification on a few things:

acl "corpnet" { 10.1/16; };

view "internal" {
    match-clients { "corpnet"; };

    zone "foobar.org" {
        type master;
        file "internal/map.foobar.org";
    };

    zone "internal.foobar.org" {
        type master;
        file "internal/map.internal.foobar.org";
    };
};

view "external" {
    match-clients { any; };

    zone "foobar.org" {
        type master;
        file "external/map.foobar.org";
    };

    zone "internal.foobar.org" {
        type master;
        file "internal/map.internal.foobar.org";
        allow-query { "corpnet"; };
    };
};

Now how is this efficient to have multiple views?
Can't I just create a view called "external", with match-clients set to "any",
and put the "allow-query" statement in the zones that I want to restrict to
the outside world?
I know I'm new to ACL rules for BIND, so please help me understand.
It just doesn't seem efficient if I need to create all zones in each view (too
much room for human error).
Thanks
Chris
-----Original Message-----
From: Chris Denneen [mailto:sunmanagers@ghostspace.com]
Sent: Friday, May 07, 2004 6:20 PM
To: sunmanagers@sunmanagers.org
Subject: OT: Bind 9 separate access lists
All,
I am sure this is a pretty easy thing to do; I just don't know much about
setting up correct access lists in BIND 9.
Here is what I want to do.
How do I set up named.conf for BIND 9 to handle access control of records and
zones, some of which are internal and some external?
I.e.
I need external records (listed somewhere) to be resolvable to the outside
world.
Then I need another set of PTR and FORWARD zones to only be resolvable to
our internal network.
So therefore
Internal and External can resolve records on:
domain.com.include
ptr.public-network.include
Internal only can resolve:
internal.domain.com.include
10.1.10-in-addr.arpa
Etc.
Please help.
Thanks
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:28:37 EDT
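
Added example, not part of the original message or of BIND itself: a small Python model of how the posted configuration is evaluated, assuming BIND's behaviour of handing a query to the first view whose match-clients matches and then applying that zone's allow-query. The client addresses and the helper names (`answer`, `dead_zones`) are constructed for illustration.

```python
import ipaddress

# Constructed model of the named.conf in the message; BIND's "10.1/16" is 10.1.0.0/16.
ACLS = {"corpnet": ipaddress.ip_network("10.1.0.0/16"),
        "any": ipaddress.ip_network("0.0.0.0/0")}

# (view name, match-clients ACL, {zone: (zone file, allow-query ACL)})
EXTERNAL = ("external", "any", {
    "foobar.org": ("external/map.foobar.org", "any"),
    "internal.foobar.org": ("internal/map.internal.foobar.org", "corpnet")})
INTERNAL = ("internal", "corpnet", {
    "foobar.org": ("internal/map.foobar.org", "any"),
    "internal.foobar.org": ("internal/map.internal.foobar.org", "any")})

TWO_VIEWS = [INTERNAL, EXTERNAL]   # order as in the posted configuration
ONE_VIEW = [EXTERNAL]              # the single-view alternative asked about


def in_acl(client, acl):
    return ipaddress.ip_address(client) in ACLS[acl]


def answer(views, client, zone):
    """Return (view, zone file) that serves the query, or (view, 'REFUSED')."""
    for name, match_clients, zones in views:
        if not in_acl(client, match_clients):
            continue
        # The first view whose match-clients matches handles the query;
        # later views are never consulted for this client.
        if zone not in zones:
            return (name, "NOT-IN-VIEW")
        zone_file, allow_query = zones[zone]
        return (name, zone_file if in_acl(client, allow_query) else "REFUSED")
    return (None, "REFUSED")


def dead_zones(views, probes):
    """Zone stanzas that none of the probe clients can ever get an answer from."""
    dead = []
    for name, _match, zones in views:
        for zone, (zone_file, _acl) in zones.items():
            if not any(answer(views, p, zone) == (name, zone_file) for p in probes):
                dead.append((name, zone))
    return dead


PROBES = ["10.1.2.3", "203.0.113.5"]   # constructed: one corpnet host, one outside host

if __name__ == "__main__":
    print(answer(ONE_VIEW, PROBES[0], "foobar.org"), dead_zones(TWO_VIEWS, PROBES))
```

In this model the single view hands corpnet hosts the external copy of foobar.org, which is the case views exist for: the same zone name served from different files. It also shows that the "internal.foobar.org" stanza inside the "external" view can never answer anyone, because every corpnet client has already been claimed by the "internal" view.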