{"description": "If it is not possible to run external and internal nameservers on\nseparate physical systems, run BIND9 and simulate this separation using views.\nEdit <tt>/etc/named.conf</tt>. Add or correct the following directives (where\nSUBNET is the numerical IP representation of your organization in the form\nxxx.xxx.xxx.xxx/xx):\n<pre>acl internal {\n  SUBNET;\n  localhost;\n};\nview \"internal-view\" {\n  match-clients { internal; };\n  zone \".\" IN {\n    type hint;\n    file \"db.cache\";\n  };\n  zone \"internal.example.com\" IN {\n    ...\n  };\n};\n\nview \"external-view\" {\n  match-clients { any; };\n  recursion no;\n  zone \"example.com\" IN {\n    ...\n  };\n};</pre>", "warnings": [{"general": "As shown in the example, database files which are\nrequired for recursion, such as the root hints file, must be available to any\nclients which are allowed to make recursive queries. Under typical\ncircumstances, this includes only the internal clients which are allowed to use\nthis server as a general-purpose nameserver."}], "requires": [], "conflicts": [], "values": {}, "groups": {}, "rules": {}, "platform": "", "platforms": [], "inherited_platforms": [], "cpe_platform_names": [], "title": "Use Views to Partition External and Internal Information", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/dns/dns_server_protection/dns_server_partition_with_views/group.yml"}