Re: About query response on a view

2015-12-10 Thread Mark Andrews
In message <1449745839.4651.50.ca...@posix.co.za>, Mark Elkins writes: > > On Thu, 2015-12-10 at 08:53 +, Okan Bostan wrote: > > Hi, > > Firstly thanks for all the responses, giving more details about our > > config: > > > > Internal view: Internal DNS service for the internal clients. Accepts

Re: About query response on a view

2015-12-10 Thread Eray Aslan
On Thu, Dec 10, 2015 at 08:53:52AM +, Okan Bostan wrote: > Also we will consider to separate the recursive and authoritative > servers, but separating them with views isn't a good solution? Not really, no. They serve different purposes and hence require different settings. You can munge it f

Re: About query response on a view

2015-12-10 Thread Mark Elkins
nks for the detailed explanation and the > note. > > Regards, > > Okan Bostan > > > > From: bind-users-boun...@lists.isc.org > [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Darcy Kevin > (FCA) > Sent: Thursday, December 10, 2015 1:43 AM > To: bind-user

RE: About query response on a view

2015-12-10 Thread Okan Bostan
rom: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Darcy Kevin (FCA) Sent: Thursday, December 10, 2015 1:43 AM To: bind-users@lists.isc.org Subject: RE: About query response on a view Well, there some things that are not clear from your message: A) w

RE: About query response on a view

2015-12-09 Thread Darcy Kevin (FCA)
Well, there some things that are not clear from your message: A) when you do your "dig", what is your source address, what is your destination address, and what is your match-clients ACL for the internal view? These values have a bearing on what view you're going to match. Seems like you're mat

Re: About query response on a view

2015-12-09 Thread Mark Elkins
If you ever want to do DNSSEC - you are going to have a problem. If possible - have two different servers, one for inside, one for outside. This could be: (1) Two different machines (2) One machine - virtualised - each of the two virtual machines logically like (1) (3) One machine with two IP add

Re: About query response on a view

2015-12-09 Thread Barry S. Finkel
Okan Bostan wrote: Hello List, We are planning to migrate to Bind dns, I'm a bit newbie. In our design we have two views; int and ext. As internal view, recursion is on and we have our internal zones & forwarders. I have no problem with internal view. In external view, recursion in no. Also

Re: About query response on a view

2015-12-09 Thread Eray Aslan
On Wed, Dec 09, 2015 at 09:11:28AM +, Okan Bostan wrote: > As internal view, recursion is on and we have our internal zones & > forwarders. I have no problem with internal view. Do try and separate authoritative and recursive servers in your environment. > But in our existing DNS enviroment,