<font size=2 face="sans-serif">Hi</font>
<br>
<br><font size=2 face="sans-serif">can someone validate this config for
bind + split horizon (only the views part):</font>
<br>
<br><font size=2 face="sans-serif">acl internal {
</font>
<br><font size=2 face="sans-serif"> 127.0.0.1;
</font>
<br><font size=2 face="sans-serif"> 172.16.0.0/12;
</font>
<br><font size=2 face="sans-serif">};
</font>
<br><font size=2 face="sans-serif">
</font>
<br><font size=2 face="sans-serif">view "internal"
</font>
<br><font size=2 face="sans-serif">{
</font>
<br><font size=2 face="sans-serif"> match-clients
{ internal; };
</font>
<br><font size=2 face="sans-serif"> recursion
yes;
</font>
<br><font size=2 face="sans-serif">
</font>
<br><font size=2 face="sans-serif"> dynamic-db
"ipa" {
</font>
<br><font size=2 face="sans-serif">
library "ldap.so";
</font>
<br><font size=2 face="sans-serif">
arg "uri ldapi://%2fvar%2frun%2fslapd-HSO.socket";
</font>
<br><font size=2 face="sans-serif">
arg "base cn=dns, dc=hso";
</font>
<br><font size=2 face="sans-serif">
arg "fake_mname ipa-2.mgmt.hss.int.";</font>
<br><font size=2 face="sans-serif">
arg "auth_method sasl";</font>
<br><font size=2 face="sans-serif">
arg "sasl_mech GSSAPI";</font>
<br><font size=2 face="sans-serif">
arg "sasl_user DNS/ipa-2.mgmt.hss.int";</font>
<br><font size=2 face="sans-serif">
arg "serial_autoincrement yes";</font>
<br><font size=2 face="sans-serif"> };</font>
<br>
<br><font size=2 face="sans-serif"> zone "."
IN {</font>
<br><font size=2 face="sans-serif">
type hint;</font>
<br><font size=2 face="sans-serif">
file "named.ca";</font>
<br><font size=2 face="sans-serif"> };</font>
<br>
<br><font size=2 face="sans-serif"> include
"/etc/named.rfc1912.zones";</font>
<br><font size=2 face="sans-serif"> include
"/etc/named.root.key";</font>
<br>
<br><font size=2 face="sans-serif">};</font>
<br>
<br><font size=2 face="sans-serif">view "external"</font>
<br><font size=2 face="sans-serif">{</font>
<br><font size=2 face="sans-serif"> match-clients
{ any; };</font>
<br><font size=2 face="sans-serif"> recursion
yes;</font>
<br>
<br><font size=2 face="sans-serif"> zone "mgmt.hss.int"
{</font>
<br><font size=2 face="sans-serif">
type master;</font>
<br><font size=2 face="sans-serif">
file "mgmt.hss.int.db";</font>
<br><font size=2 face="sans-serif"> };</font>
<br>
<br><font size=2 face="sans-serif"> zone "in-addr.arpa"
{</font>
<br><font size=2 face="sans-serif">
type forward;</font>
<br><font size=2 face="sans-serif">
forward only; </font>
<br><font size=2 face="sans-serif">
forwarders { 172.16.8.210; };</font>
<br><font size=2 face="sans-serif"> };</font>
<br>
<br><font size=2 face="sans-serif"> zone "."
IN {</font>
<br><font size=2 face="sans-serif">
type hint;</font>
<br><font size=2 face="sans-serif">
file "named.ca";</font>
<br><font size=2 face="sans-serif"> };</font>
<br>
<br><font size=2 face="sans-serif"> include
"/etc/named.rfc1912.zones"; </font>
<br><font size=2 face="sans-serif"> include
"/etc/named.root.key";</font>
<br><font size=2 face="sans-serif">};</font>
<br>
<br><font size=2 face="sans-serif">it works but its a little bit unclean
hack IMHO. Bind 9.9 in rhel7.1 doesnt support 'in-view' thats the reason
why I use a the same host but the ip from internal acl her:</font>
<br>
<br><font size=2 face="sans-serif">zone "in-addr.arpa" {</font>
<br><font size=2 face="sans-serif">
type forward;</font>
<br><font size=2 face="sans-serif">
forward only; </font>
<br><font size=2 face="sans-serif">
forwarders { 172.16.8.210; };</font>
<br><font size=2 face="sans-serif">};</font>
<br>
<br><font size=2 face="sans-serif">is there something what can make problems?</font>
<br>
<br><font size=2 face="sans-serif">MfG<br>
Christoph Kaminski<br>
<br>
<br>
<br>
</font>