Hi,
On 08 Oct 2014, at 09:41 , Daniel Salzman <daniel.salzman(a)nic.cz> wrote:
> Unfortunately, Knot DNS doesn't support this functionality (views).
1. Views <> split-DNS.
2. There's nothing unfortunate about that ;-)
There's a very widespread misunderstanding that split-DNS equals "views".
It doesn't, it has nothing to do with views.
To expand a little bit: views are an implementation specific feature in BIND9 that
basically provides application level nameserver virtualization. Once upon a time that was
seriously cool, because h/w was expensive and we didn't have OS level virtualization.
But today we do, and hence there's basically no point to views (they stopped being
cool about 10 years ago). Just fire up a couple of VMs and run whatever nameserver config
you want in each one (possibly different implementations for that matter).
To expand further: if one wants split-DNS, and some people do for whatever reason,
the only sane way of doing that seems to be by using "stub zones". This is a
feature in a recursive server that causes it to preempt the normal referral chain and
instead go straight for a particular auth server (or servers) for a particular zone.
Unbound can do this just fine and so can BIND9 (i.e. there's no need for views even in
BIND9).
But there's just no way Knot-DNS could do this, regardless of whether you implemented
views or not, because Knot-DNS is not a recursive server. There is *no* way whatsoever to
implement split-DNS except in the recursive server, because that's what split-DNS is:
a modification to the recursive server to preempt the normal referral chain.
> I have a question to configure knot dns for split-dns server. (only
> master, no slaves)
>
> If my router have two interfaces, eth0 (connected with ISP) and eth1
> (internal private).
>
> About same zone (ex. example.com), i want to responses different ways
> for eth0, eth1.
>
> (ex. eth0, www.example.com -> read /etc/knot/external.example.zone,
> eth1, www.example.com -> /etc/knot/internal.example.zone)
>
> How can i configure it?
I suggest that you run Knot-DNS with the public version of example.com on the external
interface and then another instance of Knot-DNS with the internal version elsewhere (other
box, in a VM, same box but only listening to a loopback interface or something like that).
Finally you run Unbound or BIND9 in purely recursive mode on the internal interface with a
stub config for example.com that points to your internal Knot-DNS.
Regards,
Johan
PS. Please don't implement views in Knot-DNS ;-) It simply doesn't provide any
useful feature in an authoritative-only server today.
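
The recursive half of the setup suggested in this message, as an added Unbound configuration example that is not part of the original mail or of either project's documentation. The addresses and port are assumptions: 192.168.1.1/24 stands for the eth1 address and network, and the internal Knot DNS instance is assumed to listen on 127.0.0.1 port 5353.

```conf
# unbound.conf for the internal recursive server on eth1 (added example).
# Assumed values, not from the thread:
#   192.168.1.1/24  = eth1 address and internal network
#   127.0.0.1@5353  = internal Knot DNS instance serving the internal example.com

server:
    # Listen only on the internal interface, so the recursive server is
    # never reachable from the ISP side (eth0).
    interface: 192.168.1.1

    # Unbound refuses all non-localhost clients by default; allow only the
    # internal network to use recursion.
    access-control: 192.168.1.0/24 allow

    # By default Unbound will not send queries to localhost addresses.
    # The stub target below is on the loopback, so this must be disabled.
    do-not-query-localhost: no

    # Only matters if DNSSEC validation is enabled: the public example.com
    # may be signed while the internal copy is not, and validation of the
    # internal answers would then fail. This exempts the zone.
    domain-insecure: "example.com."

# Preempt the normal referral chain for example.com and go straight to the
# internal authoritative server.
stub-zone:
    name: "example.com."
    stub-addr: 127.0.0.1@5353
```

The file can be checked with `unbound-checkconf` before starting the server. Internal clients must use 192.168.1.1 as their resolver for the stub to have any effect; queries sent directly to the external Knot-DNS instance still get the public zone.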