Add a multiview zone transfer key based solution.

2026-06-10 18:20:00 -04:00 · 2001-12-06 23:10:22 +00:00 · 2001-12-06 23:10:22 +00:00 · b01b0bb771
commit b01b0bb771
parent 1b1f3fca3a
1 changed files with 33 additions and 0 deletions
--- a/33
+++ b/33
@ -265,3 +265,36 @@ use those to make sure you reach the correct view on the other machine.

 	You put the external address on the alias so that all the other
 	dns clients on these boxes see the internal view by default.
+
+A: (BIND 9.3 and later) Use TSIG to select the appropriate view.
+
+	Master 10.0.1.1:
+	key "external" {
+		algorithm hmac-md5;
+		secret "xxxxxxxx";
+	};
+	view "internal" {
+		match-clients { !key external; 10.0.1/24; };
+		...
+	};
+	view "external" {
+		match-clients { key external; any; };
+		server 10.0.0.2 { keys external; };
+		recursion no;
+		...
+	};
+
+	Slave 10.0.1.2:
+	key "external" {
+		 algorithm hmac-md5;
+		 secret "xxxxxxxx";
+	};
+	view "internal" {
+		match-clients { !key external; 10.0.1/24; };
+	};
+	view "external" {
+		match-clients { key external; any; };
+		server 10.0.0.1 { keys external; };
+		recursion no;
+		...
+	};