I'm attempting to set up a name server with split zones, so the internal network can do recursive lookups, but people on the outside can't.<br><br>My 2 main references have been:<br><br><a href="http://www.bind9.net/manual/bind/9.3.1/Bv9ARM.ch04.html#AEN767">http://www.bind9.net/manual/bind/9.3.1/Bv9ARM.ch04.html#AEN767</a><br>
<br><a href="http://www.knowplace.org/pages/howtos/split_view_with_bind_9_howto.php">http://www.knowplace.org/pages/howtos/split_view_with_bind_9_howto.php</a><br><br>This config runs, but doesn't look like it's blocking the "external" people - I get the same results back from "dig -t NS @my.name.server.com" from the inside and the outside. If I make it block 127.0.0.1 (while running it on my laptop) I get back basically no results, which is what you should get externally if it's working.<br>
<br>Here's a scaled down sample of what I'm trying. One thing I was wondering about is if the problem is due to having the firewall at 192.168.1.1, which is included in the 192.168.1.0/24 subnet?<br>
<br>I've also tried both iterations of the "match-clients { !localnets; any; };" with and without the !localnets parameter.<br><br>Any ideas?<br><br>-dc<br><br>----------<br>// named.conf<br><br>acl internals { 192.168.1.0/24; };<br>
<br>options {<br> directory "/var/named";<br> dump-file "/var/named/data/cache_dump.db";<br> statistics-file "/var/named/data/named_stats.txt";<br><br> recursion no;<br>};<br>
<br>controls {<br> inet 127.0.0.1 allow { localhost; } keys { rndckey; };<br>};<br><br>include "/etc/rndc.key";<br><br>// -----------------------------------------------<br>view "internal" {<br> match-clients { internals; };<br>
recursion yes;<br> notify no;<br><br> include "/etc/root_zones.inc";<br><br> include "/etc/master_zones.inc";<br>};<br><br>// -----------------------------------------------<br>view "external" {<br>
//match-clients { !localnets; any; };<br> match-clients { any; };<br> recursion no;<br><br> include "/etc/master_zones.inc";<br>};<br><br>
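Added example, not part of the original post: a Python check for which view answered a query, based on the RA (recursion available) flag in the DNS response header, which BIND sets only when it offers recursion to that client. It assumes the "internal" (recursion yes) and "external" (recursion no) views from the config above; the sample headers are constructed, and `build_query`, `parse_header`, `view_guess` and `ask` are hypothetical helper names.

```python
import socket
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits

def build_query(name, qtype=2, txid=0x1234):
    """DNS query with RD set; qtype 2 is NS, as in the dig command above."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = [l for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(packet):
    """Decode the fixed 12-byte DNS header of a response."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if not flags & QR:
        raise ValueError("QR bit clear: this is a query, not a response")
    return {"txid": txid, "ra": bool(flags & RA), "aa": bool(flags & AA),
            "rcode": flags & 0xF, "answers": an, "authority": ns}

def view_guess(packet):
    """'internal' if the server offered recursion (RA set), else 'external'."""
    return "internal" if parse_header(packet)["ra"] else "external"

def ask(server, name, timeout=3.0):
    """Send the query over UDP port 53 and return the raw response bytes."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return s.recvfrom(4096)[0]

# Constructed sample headers (not captured from a real server):
# QR+RD+RA, NOERROR, 2 answers: the shape a recursive view returns.
SAMPLE_RECURSIVE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)
# QR+RD, REFUSED (rcode 5), no answers: a shape a non-recursive view may return.
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)

if __name__ == "__main__":
    for label, pkt in (("recursive", SAMPLE_RECURSIVE), ("refused", SAMPLE_REFUSED)):
        print(label, view_guess(pkt), parse_header(pkt))
```

Calling `view_guess(ask("my.name.server.com", "."))` from an inside host and from an outside host shows whether the two clients are matched to different views, independent of how similar the answer sections look.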