[Opendnssec-user] OpenDNSSEC & BIND
Gavin Brown
gavin.brown at centralnic.com
Fri Jan 31 12:33:21 UTC 2014
On Fri, 31 Jan 2014 12:56:56 +0100, Jakob Schlyter wrote:
> Ramanou,
>
> Something like this should work:
>
> view "unsigned" {
> match-clients { 10.0.0.2; }; # match signer only
>
> zone "example.com" {
> type master;
> file "/var/named/unsigned/example.com";
> };
> };
>
> view "signed" {
> match-clients { any; }; # match anyone else
>
> zone "example.com" {
> type slave;
> masters { 10.0.0.2; };
> file "/var/named/signed/example.com";
> };
> };
I recently built a BIND config very similar to this. Rather than using
match-clients in each view, I gave each view its own IP address and used
match-destinations.
This means you can query the signed and unsigned views remotely, which
is handy for debugging and monitoring.
G.
--
Gavin Brown
Chief Technology Officer
CentralNic Group plc (LSE:CNIC)
Innovative, Reliable and Flexible Registry Services
for ccTLD, gTLD and private domain name registries
https://www.centralnic.com/
CentralNic Group plc is a company registered in England and Wales with
company number 8576358. Registered Offices: 35-39 Moorgate, London,
EC2R 6AR.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 268 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20140131/24d439ba/attachment.bin>
More information about the Opendnssec-user
mailing list