Versions Compared

Old Version 1

changes.mady.by.user The Force

Saved on

compared with

New Version 2

changes.mady.by.user The Force

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space DOC and version HG-8.3.1

Configuring Split Horizon and Views

Split-horizon DNS allows for different DNS records to be provided for the same domain, depending on the source of the DNS query. For example, if a server has both a private IP address (such as on a local area network) and a public address, using split-horizon DNS with an access control list (ACL), the same name can direct to either the private IP address or the public one based on the client sending the query. This may also allow for improved network latency for local networks. 

Table of Contents

Working with Access Control Lists (ACLs)

The ACL Applied ACLs module applies the specified network lists to the in the configuration for zones inside the group and the servers that belongs to the group, when exporting the group or zone.

Table of Contents

Create an ACL

ACLs may be created under each DNS Group, accessed from the the DNS tab DNS Groups sub-tab.

...

When done, save the ACL by clicking "Save changes". The new ACL will be added to the Group's "Attach ACL" list. Choose the ACL from the dropdown and click "Attach".

Edit an ACL

ACLs may be edited similarly to how they are created. Click the "Add or Edit ACL" button under the "Applied ACLs" module for the DNS Group. 

...

When done, click "Save Changes". 


Detach an ACL from a Group

Detaching an ACL removes it from the Group, but the ACL will still exist for re-use in other Groups. 

...

The ACL will be removed from under the Group, but will remain in other Groups it exists under, as well as be selectable from the "Add ACL" window and "Attach ACL" dropdown.

Delete an ACL

ACLs may be deleted through the "Edit ACL" interface. Click the "Add or Edit ACL" button under the "Applied ACLs" module for the DNS Group. 

...

The ACL will be permanently deleted, and will no longer show under any Groups to which it has been attached, nor show in the "Existing ACLs" list.


Add an existing ACL to another Group

Existing ACLs may be added to as many Groups as desired. If ACLs already exist, clicking the "Add or Edit ACL" button will give an additional option to "Create New". 

To select a previously created ACL, select it from the "Attach ACL" dropdown and click "Attach". 

Configuring Split-Horizon Views

In ProVision, DNS Groups are used to organize split-horizon views with applied ACLs to determine which DNS records are applied to a zone for a given requestor. One zone may be cloned between two or more DNS groups, ACL(s) applied, and separate zone records customized for each cloned zone. 

1 ) Create DNS Group(s)

Create DNS Groups, or verify that DNS Groups already exist, for both the default response and each split zone view that is needed. 

In this example, we will use ProVision's Default Group for the default response, and "Another Group" for an additional split zone view.

Image Removed

2) Add Zone to Groups

Create or add the DNS Zone to both the Default response group and the additional group(s) intended for the split zone view(s).

Image Removed

...

titleClone Existing Zone

You can quickly add the same zone to multiple groups by using "Clone Existing Zone" in the Add Zone modal,  or the "Add to Group" button from the Zone View page!

Expand
titleClone Existing...

Clone Existing:

From the DNS Group container, click "Add Zone", then select "Clone Existing Zone" under "Populate type".

Image Removed

...

titleAdd from Zone View page...

...

Click the green + to create the zone under another DNS Group.

Image Removed

3) Add ACL(s) to the Group(s)

Create and/or add the ACL to the group(s) that will route to the alternate DNS records. 

Image Removed

4) Add or Edit DNS Zone Records

Click the zone name from either DNS Group to open the Zone View page and verify that the desired DNS Group tab is selected at the top of the module.

Under the DNS Records Section, click "Add" to create a new zone record, or click on an existing record to edit its values according to the split view needs. 

Expand
titleExample A Records...

In our example, the zone test.com. has an A record applied that maps to 5.2.2.1 under the Default Group:  

Image Removed

Under Another Group, test.com. has an A record that maps to 5.3.2.1. 

Image Removed

At this point, the split-horizon view set up is complete, and you may further adjust DNS Group or Zone / Record details as needed.

Additional Information

For additional information on working in DNS, see the following sections: