From b01b0bb7719ca9dca6c90a7ff73c18b5a7cc77a5 Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Thu, 6 Dec 2001 23:10:22 +0000
Subject: [PATCH] Add a multiview zone transfer key based solution.
---
 FAQ | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
diff --git a/FAQ b/FAQ
index 4a3f483f10..17c5e656be 100644
--- a/FAQ
+++ b/FAQ
@@ -265,3 +265,36 @@ use those to make sure you reach the correct view on the other machine. You put the external address on the alias so that all the other dns clients on these boxes see the internal view by default.
+
+A: (BIND 9.3 and later) Use TSIG to select the appropriate view.
+
+ Master 10.0.1.1:
+ key "external" {
+ algorithm hmac-md5;
+ secret "xxxxxxxx";
+ };
+ view "internal" {
+ match-clients { !key external; 10.0.1/24; };
+ ...
+ };
+ view "external" {
+ match-clients { key external; any; };
+ server 10.0.0.2 { keys external; };
+ recursion no;
+ ...
+ };
+
+ Slave 10.0.1.2:
+ key "external" {
+ algorithm hmac-md5;
+ secret "xxxxxxxx";
+ };
+ view "internal" {
+ match-clients { !key external; 10.0.1/24; };
+ };
+ view "external" {
+ match-clients { key external; any; };
+ server 10.0.0.1 { keys external; };
+ recursion no;
+ ...
+ };