BIND 9.9.4-61
All updates applied as of today(2018-06-22)
The question that I have is if there are any complications from having the same zone file referenced by different views. It has worked OK in our admittedly limited testing thus far but are there any performance or security issues? For that matter, is it not according to convention? If not, what is the right way? All of the examples on ISC's site that I was able to find did not show such a setup.
Situation:
I work for a small ISP. One of our clients, who uses us for DNS services, has a global presence. Currently they have their names setup so that if someone wants to access the server called "apps" while in China, they would go to apps.company.cn. Now they want to change that so that one would just put in apps.company.com and they would be automatically directed to the closest server.
To accomplish this, we were thinking of using GeoIP and views. Our idea was to setup acls based upon GeoIP for the countries they wish to designate then corresponding views that would point to a zone file for that company that has the region specific addresses. In code below, because the explanation is getting long.
Originally we were going to use in-view statements, which looked like it would resolve any performance issues but that isn't available until BIND 9.10.
Code: Select all
acl china {
geoip db country country CN;
};
view china {
match-clients { china; };
zone "company.com" {
type master;
file "com/db.company.china";
};
zone "somethingElseWeHost.com" {
type master;
file "com/db.somethingElseWeHost";
};
};
view everyoneElse {
match-clients { any; };
zone "company.com" {
type master;
file "com/db.company";
};
zone "somethingElseWeHost.com" {
type master;
file "com/db.somethingElseWeHost";
};
};