[Opendnssec-user] OpenDNSSEC & BIND

Gavin Brown gavin.brown at centralnic.com
Fri Jan 31 12:33:21 UTC 2014


On Fri, 31 Jan 2014 12:56:56 +0100, Jakob Schlyter wrote:

> Ramanou,
> 
> Something like this should work:
> 
> view "unsigned" {
> 	match-clients { 10.0.0.2; };  # match signer only
> 
> 	zone "example.com" {
> 		type master;
> 		file "/var/named/unsigned/example.com";
> 	};
> };
> 
> view "signed" {
> 	match-clients { any; };  # match anyone else
> 
> 	zone "example.com" {
> 		type slave;
> 		masters { 10.0.0.2; };
> 		file "/var/named/signed/example.com";
> 	};
> };

I recently built a BIND config very similar to this. Rather than using
match-clients in each view, I gave each view its own IP address and used
match-destinations.

This means you can query the signed and unsigned views remotely, which
is handy for debugging and monitoring.

G.

-- 
Gavin Brown
Chief Technology Officer
CentralNic Group plc (LSE:CNIC)
Innovative, Reliable and Flexible Registry Services
for ccTLD, gTLD and private domain name registries
https://www.centralnic.com/

CentralNic Group plc is a company registered in England and Wales with
company number 8576358. Registered Offices: 35-39 Moorgate, London,
EC2R 6AR.
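
The match-destinations layout described in the reply above, written out as an added example that is not part of the original post or either author's configuration. The view addresses 10.0.0.10 and 10.0.0.11, the monitoring host 10.0.0.50 and the ACL names are assumptions; 10.0.0.2 is the signer from the quoted config. Because a view is now selected by the address a query is sent to rather than by the client, allow-query and allow-transfer limit who can read the unsigned zone.

```conf
# Added example with constructed addresses (assumptions, not from the post).
acl "signer"  { 10.0.0.2; };    # signer address from the quoted config
acl "monitor" { 10.0.0.50; };   # assumed monitoring/debugging host

options {
	# named must listen on both view addresses (assumed to be
	# configured on the host's interface).
	listen-on { 10.0.0.10; 10.0.0.11; };
};

view "unsigned" {
	# Selected when the query is sent to 10.0.0.10, whoever sends it,
	# so access is limited explicitly below.
	match-destinations { 10.0.0.10; };
	allow-query    { "signer"; "monitor"; };
	allow-transfer { "signer"; };

	zone "example.com" {
		type master;
		file "/var/named/unsigned/example.com";
	};
};

view "signed" {
	# Selected when the query is sent to 10.0.0.11. The signer must
	# send its NOTIFY messages to this address to reach this view.
	match-destinations { 10.0.0.11; };

	zone "example.com" {
		type slave;
		masters { 10.0.0.2; };
		file "/var/named/signed/example.com";
	};
};
```

With this layout, a query from the monitoring host to 10.0.0.10 returns the unsigned zone and the same query to 10.0.0.11 returns the signed one, which is the remote comparison the reply describes.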
