On Thu, 09 Oct 2003, Pete Toscano wrote:
> view "internal" {
> match-clients {
> 192.168.1.0/24;
> };
> zone "nittanytravel.com" {
> type master;
> file "nt-private";
> };
> };
> view "external" {
> match-clients {
> any;
> };
> zone "nittanytravel.com" {
> type master;
> file "nt-public";
> };
> };
After looking at this example again, I realized that it wouldn't work if
your nameserver is behind a NAT firewall (since all queries for the
external view would look like their coming from the private IP of the
NAT box), which seems to be the case. To work around this, you might
want to do...
view "external" {
match-clients {
192.168.1.1;
};
zone "nittanytravel.com" {
type master;
file "nt-public";
};
};
view "internal" {
match-clients {
any;
};
zone "nittanytravel.com" {
type master;
file "nt-private";
};
};
This assumes that your NAT box's IP is 192.168.1.1. The (slight)
problem with this config is that the NAT box won't be able to resolve
anything to their private IP address, but then, why would a NAT box need
to do address resolution?
Also, keep in mind that the order of the view statements is important;
whichever statement matches first is the block used.
HTH,
pete
--
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
