Use Views to Partition External and Internal Information
An XCCDF Group
Description
If it is not possible to run external and internal nameservers on
separate physical systems, run BIND9 and simulate this feature using views.
Edit /etc/named.conf. Add or correct the following directives (where
SUBNET is the numerical IP representation of your organization in the form
xxx.xxx.xxx.xxx/xx):

    acl internal {
        SUBNET;
        localhost;
    };
    view "internal-view" {
        match-clients { internal; };
        zone "." IN {
            type hint;
            file "db.cache";
        };
        zone "internal.example.com" IN {
            ...
        };
    };
    view "external-view" {
        match-clients { any; };
        recursion no;
        zone "example.com" IN {
            ...
        };
    };
Warning
As shown in the example, database files which are
required for recursion, such as the root hints file, must be available to any
clients which are allowed to make recursive queries. Under typical
circumstances, this includes only the internal clients which are allowed to use
this server as a general-purpose nameserver.
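An audit check for the layout above, as an added example that is not part of the original guide or of the SSG project: it flags any view that matches all clients but does not disable recursion, or that carries a hint zone. The function names, the sample configuration, and the 192.0.2.0/24 subnet are constructed for illustration, and the parser is simplified (it does not handle nested address-match lists).

```python
import re

# Constructed sample: external view left with recursion on and root hints exposed.
SAMPLE_BAD = '''
acl internal { 192.0.2.0/24; localhost; };
view "internal-view" {
    match-clients { internal; };
    zone "." IN { type hint; file "db.cache"; };
};
view "external-view" {
    match-clients { any; };   // open to the Internet
    zone "." IN { type hint; file "db.cache"; };
    zone "example.com" IN { type master; file "db.example.com"; };
};
'''

def strip_comments(text):
    """Remove /* */, // and # comments (assumes none occur inside quoted strings)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)

def iter_views(text):
    """Yield (name, body) for each view block, using brace matching."""
    for m in re.finditer(r'\bview\s+"([^"]+)"[^{]*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def audit_views(conf_text):
    """Return findings for views reachable by any client."""
    findings = []
    for name, body in iter_views(strip_comments(conf_text)):
        mc = re.search(r'match-clients\s*\{([^}]*)\}', body)
        # A view with no match-clients statement matches every client.
        clients = [c.strip() for c in mc.group(1).split(';')] if mc else ['any']
        if 'any' not in clients:
            continue
        if not re.search(r'\brecursion\s+no\s*;', body):
            findings.append(f'{name}: matches any client but lacks "recursion no;"')
        if re.search(r'\btype\s+hint\s*;', body):
            findings.append(f'{name}: serves root hints to any client')
    return findings

if __name__ == '__main__':
    print('\n'.join(audit_views(SAMPLE_BAD)) or 'no findings')
```
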
- ID
- xccdf_org.ssgproject.content_group_dns_server_partition_with_views