March 8th, 2011

In my previous article, KVM Guests: Using Virt-Install to Install Debian and Ubuntu Guests, we looked at how the virt-install command can create a KVM VM and, instead of using an ISO or physical CD as the install media, boot the installer image from an apt mirror over HTTP.  Obviously that does not harness the true power of the virt-install command.  Today we will discuss how to take an existing disk image and import it as a VM with the appropriate devices.  This is most commonly done with sysprepped Windows images to speed up deployment, though these instructions work just as well with any OS.

Assumptions I Have Made

  • My KVM host is Ubuntu 10.10 and I am assuming that yours is as well.  If it is not then the syntax might be slightly different or may not include the same features.
  • That you have kvm installed on the host and you can manually create VMs using virt-manager and they work perfectly.
  • That you have a bridge configured and working on other guests.
  • That you have virt-install and libvirt-bin installed as well as virt-manager or virt-viewer so that you can complete the install after the virt-install command has completed.
  • That you are trying to import disk images that support VirtIO devices (most recent Linux distributions do; Windows does not natively support the VirtIO interface, so you will have had to install the VirtIO drivers into your disk image manually beforehand).

The Basic Command

# virt-install -n vmname -r 2048 --os-type=windows --os-variant=win7 --disk /kvm/images/disk/vmname_boot.img,device=disk,bus=virtio -w bridge=br0,model=virtio --vnc --noautoconsole --import

Parameters Detailed

  • -n vmname [the name of your VM]
  • -r 2048 [the amount of RAM in MB for your VM]
  • --os-type=windows [the type of OS: linux or windows]
  • --os-variant=win7 [the distribution or version of Windows; for a full list see man virt-install]
  • --disk /kvm/images/disk/vmname_boot.img,device=disk,bus=virtio [this is a long one: you define the path, then comma-delimited options.  device is the type of storage (cdrom, disk, floppy); bus is the interface (ide, scsi, usb, virtio).  virtio is the fastest, but you need to install the drivers for Windows, and older versions of Linux don't support it]
  • -w bridge=br0,model=virtio [the network configuration; in this case we are connecting to a bridge named br0 and using the virtio driver, which performs much better.  If you are using an OS which doesn't support virtio you can use e1000 or rtl8139.  You could alternatively use --nonetworks if you do not need networking]
  • --vnc [configures the graphics card to use VNC, allowing you to use virt-viewer or virt-manager to see the desktop as if you were at the monitor of a physical machine]
  • --noautoconsole [configures the installer NOT to automatically open virt-viewer on the console to complete the installation; this is helpful if you are working on a remote system through SSH]

Multiple Disk Variation

# virt-install -n vmname -r 2048 --os-type=windows --os-variant=win7 --disk /kvm/images/disk/vmname_boot.img,device=disk,bus=virtio --disk /kvm/images/disk/vmname_data_1.img,device=disk,bus=virtio -w bridge=br0,model=virtio --vnc --noautoconsole --import

LVM Disk Image Variation

# virt-install -n vmname -r 2048 --os-type=windows --os-variant=win7 --disk /dev/vg_name/lv_name,device=disk,bus=virtio -w bridge=br0,model=virtio --vnc --noautoconsole --import

No VirtIO Variation (uses IDE and e1000 NIC emulation)

# virt-install -n vmname -r 2048 --os-type=windows --os-variant=win7 --disk /kvm/images/disk/vmname_boot.img,device=disk,bus=ide -w bridge=br0,model=e1000 --vnc --noautoconsole --import
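The variations above differ only in the disk bus, the NIC model, and whether the backing store is an image file or an LV.  The shell functions below are an added example, not code from the original article: they assemble the virt-install import command from those inputs after checking the image.  The image is sniffed for the qcow2 header magic so the disk format can be passed explicitly instead of being left to libvirt's format probing, and VM names that would be unsafe in file paths are rejected.  The function names image_format and build_import_cmd, the virtio/legacy mode switch and the format= option on the --disk argument are my assumptions; the --os-type and --os-variant values are the article's.

```bash
# image_format FILE -> prints "qcow2" or "raw" based on the first four bytes.
# Only the header is read, so this is cheap even on a multi-GB image.
image_format() {
    local magic
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        514649fb) echo qcow2 ;;   # "QFI\xfb" is the qcow2 header magic
        *)        echo raw ;;     # anything else is treated as raw
    esac
}

# build_import_cmd NAME RAM_MB IMAGE BRIDGE [virtio|legacy]
# Prints the virt-install command line for importing IMAGE as a Windows 7 VM
# (hypothetical helper; the argument layout follows the article's examples).
build_import_cmd() {
    local name="$1" ram="$2" image="$3" bridge="$4" mode="${5:-virtio}"
    local disk_bus nic_model fmt

    # The VM name ends up in libvirt XML and file paths: keep it to a safe set.
    case "$name" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad vm name: '$name'" >&2; return 1 ;;
    esac
    case "$ram" in
        ''|*[!0-9]*) echo "ram must be a whole number of MB" >&2; return 1 ;;
    esac
    [ -e "$image" ] || { echo "image not found: $image" >&2; return 1; }

    # virtio needs guest drivers; "legacy" is the article's IDE + e1000 variant
    case "$mode" in
        virtio) disk_bus=virtio; nic_model=virtio ;;
        legacy) disk_bus=ide;    nic_model=e1000 ;;
        *) echo "mode must be virtio or legacy" >&2; return 1 ;;
    esac

    # Pass the format explicitly so libvirt never has to guess it from the
    # contents. An LVM LV is a block device and is always raw; files are sniffed.
    if [ -b "$image" ]; then fmt=raw; else fmt=$(image_format "$image"); fi

    printf 'virt-install -n %s -r %s --os-type=windows --os-variant=win7 --disk %s,device=disk,bus=%s,format=%s -w bridge=%s,model=%s --vnc --noautoconsole --import\n' \
        "$name" "$ram" "$image" "$disk_bus" "$fmt" "$bridge" "$nic_model"
}

# Example: build_import_cmd vm01 2048 /kvm/images/disk/vm01_boot.img br0 virtio
```

Run it with `eval "$(build_import_cmd ...)"` or just paste the printed line; the point is that the sniff and the name check happen before anything touches libvirt.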

Now as I said before, my examples are all defined as Windows 7 VMs, but they could just as easily be a Linux distribution, as long as it has already been installed onto a disk image or an LV.  Linux doesn't really have a sysprep equivalent, so you have to update the configuration files by hand to change the hostname and IP address, or write a script to make those changes for you.  The real value here is for your Windows guests, since they are so cumbersome to spin up without some sort of imaging process.

I like to be able to spin up a VM without looking for CD media, so for a while now I have been using ISO images for all of my installs directly.  However, I found myself scurrying around "digitally" looking for the correct ISO in much the same way I used to scurry about looking for physical CDs, except I was not physically moving.  So anyway, the time was wasted either way, and I figured it was time to find a better (read: lazier) way to do this.  The idea is that since the apt package manager contains all the packages and files needed to install and upgrade a system, we ought to be able to initiate the install over the wire.

Assumptions I Have Made

  • My KVM host is Ubuntu 10.10 and I am assuming that yours is as well.  If it is not then the syntax might be slightly different or may not include the same features.
  • That you have kvm installed on the host and you can manually create VMs using virt-manager and they work perfectly.
  • That you have a bridge configured and working on other guests.
  • That you have virt-install and libvirt-bin installed as well as virt-manager or virt-viewer so that you can complete the install after the virt-install command has completed.
  • That you are installing guests that support VirtIO devices (all four distros below do, as does any Linux kernel 2.6.25+; Windows has drivers available but does not natively support VirtIO, so it will need a virtual boot floppy to load the drivers during install).

The Basic Command

# virt-install -n vmname -r 2048 --os-type=linux --os-variant=debianlenny --disk /kvm/images/disk/vmname_boot.img,device=disk,bus=virtio,size=8,sparse=true,format=raw -w bridge=br0,model=virtio --vnc --noautoconsole --location http://mirrors.usc.edu/pub/linux/distributions/debian/dists/lenny/main/installer-amd64/

If you'd like to install onto an LVM logical volume which you have already created, simply change the --disk parameter to reference the LV (/dev/vg_name/lv_name); you will also need to remove the size, sparse and format options, as these relate to creating a disk image file.

Parameters Detailed

  • -n vmname [the name of your VM]
  • -r 2048 [the amount of RAM in MB for your VM]
  • --os-type=linux [the type of OS: linux or windows]
  • --os-variant=debianlenny [the distribution or version of the OS; for a full list see man virt-install]
  • --disk /kvm/images/disk/vmname_boot.img,device=disk,bus=virtio,size=8,sparse=true,format=raw [this is a long one: you define the path, then comma-delimited options.  device is the type of storage (cdrom, disk, floppy); bus is the interface (ide, scsi, usb, virtio): virtio is the fastest, but you need to install the drivers for Windows, and older versions of Linux don't support it.  size is the size in GB; sparse defines whether the disk is allocated dynamically or whether a 40GB image file should take up 40GB on the host file system from the start; format is the type of disk image you are using (raw, qcow2, vmdk).  This command will create the file if it doesn't exist, or it can use an existing file]
  • -w bridge=br0,model=virtio [the network configuration; in this case we are connecting to a bridge named br0 and using the virtio driver, which performs much better.  If you are using an OS which doesn't support virtio you can use e1000 or rtl8139.  You could alternatively use --nonetworks if you do not need networking]
  • --vnc [configures the graphics card to use VNC, allowing you to use virt-viewer or virt-manager to see the desktop as if you were at the monitor of a physical machine]
  • --noautoconsole [configures the installer NOT to automatically open virt-viewer on the console to complete the installation; this is helpful if you are working on a remote system through SSH]
  • --location http://mirrors.usc.edu/pub/linux/distributions/debian/dists/lenny/main/installer-amd64/ [this is the mirror which hosts the installer files of the distribution of your choice, in this case Debian Lenny]

Now that we have broken down that command and given you the basic building blocks of virt-install, please keep in mind that there are many more options and details in the virt-install man page.  Once the virt-install command has run, you will need to connect to the console of the VM using virt-manager or virt-viewer to complete the actual install; the install is not automatic, it is just kicked off over the network.  Also keep in mind that if you have a slow link your install will be slow; if you do a lot of installs like this you should consider mirroring the distributions you need internally to conserve your WAN links.

Install Debian 5 (Lenny)

# virt-install -n lenny001 -r 2048 --os-type=linux --os-variant=debianlenny --disk /kvm/images/disk/lenny001_boot.img,device=disk,bus=virtio,size=8,sparse=true,format=raw -w bridge=br0,model=virtio --vnc --noautoconsole --location http://mirrors.usc.edu/pub/linux/distributions/debian/dists/lenny/main/installer-amd64/

Install Debian 6 (Squeeze)

# virt-install -n squeeze001 -r 2048 --os-type=linux --os-variant=debiansqueeze --disk /kvm/images/disk/squeeze001_boot.img,device=disk,bus=virtio,size=8,sparse=true,format=raw -w bridge=br0,model=virtio --vnc --noautoconsole --location http://mirrors.usc.edu/pub/linux/distributions/debian/dists/squeeze/main/installer-amd64/

Install Ubuntu 10.04 (Lucid)

# virt-install -n lucid001 -r 2048 --os-type=linux --os-variant=ubuntulucid --disk /kvm/images/disk/lucid001_boot.img,device=disk,bus=virtio,size=8,sparse=true,format=raw -w bridge=br0,model=virtio --vnc --noautoconsole --location http://mirror.uoregon.edu/ubuntu/dists/lucid/main/installer-amd64/

Install Ubuntu 10.10 (Maverick)

# virt-install -n maverick001 -r 2048 --os-type=linux --os-variant=ubuntumaverick --disk /kvm/images/disk/maverick001_boot.img,device=disk,bus=virtio,size=8,sparse=true,format=raw -w bridge=br0,model=virtio --vnc --noautoconsole --location http://mirror.uoregon.edu/ubuntu/dists/maverick/main/installer-amd64/
March 1st, 2011

Linux LVM provides a different way of looking at storage.  On the server side this provides much more flexibility than standard disks with partitions.  It allows us to migrate from old to new storage as well as expand the available storage to a particular file system easily (assuming that there is free space available).

Basically LVM abstracts the physical storage by creating Physical Volumes (PV), and each PV is divided into Physical Extents (PE) of a consistent size.  Physical Volumes are then added to a Volume Group (VG), which essentially pools all of the PE on all member PV.  Once you have a VG you can create a Logical Volume (LV), which can be formatted and used as if it were a physical disk; the difference is that the LV can be expanded as many times as needed, until all PE in the VG have been allocated.  At that point you simply add another PV to the VG, which makes additional PE available to be added to an LV.

Expanding your storage to meet the requirements of your system is a great benefit and if that were the only thing that you got from LVM2 it would still be worth it…  But there is more, snapshots and the ability to move a logical volume to a specific Physical Volume, as you would want to in the event of a disk failure or migration to new hardware.

Below I have outlined some of the commands you will need to effectively manage your LVM environment.  In my test environment I have hardware RAID which presents a single PV to LVM.  If you did not have hardware RAID you would see multiple PV.  It is also important to note that LVM does not provide RAID, as such if your data needs the protection of RAID you must ensure you have RAID in addition to LVM.

Display Physical Volume Information

# pvs

PV         VG       Fmt  Attr PSize PFree
/dev/sda5  testserver_vg lvm2 a-   1.23t 597.86g
# pvdisplay

--- Physical volume ---
PV Name               /dev/sda5
VG Name               testserver_vg
PV Size               1.23 TiB / not usable 2.00 MiB
Allocatable           yes
PE Size               4.00 MiB
Total PE              321442
Free PE               153052
Allocated PE          168390
PV UUID               pR7PKf-5Sjy-3Zcf-ksZc-o5f6-eoIC-G1dZex

Display Volume Group Information

# vgs

VG       #PV #LV #SN Attr   VSize VFree
testserver_vg   1   4   0 wz--n- 1.23t 597.86g
# vgdisplay

--- Volume group ---
VG Name               testserver_vg
System ID
Format                lvm2
Metadata Areas        1
Metadata Sequence No  9
VG Access             read/write
VG Status             resizable
MAX LV                0
Cur LV                4
Open LV               3
Max PV                0
Cur PV                1
Act PV                1
VG Size               1.23 TiB
PE Size               4.00 MiB
Total PE              321442
Alloc PE / Size       168390 / 657.77 GiB
Free  PE / Size       153052 / 597.86 GiB
VG UUID               oel9Qw-17dO-dDce-63Lq-jRde-ooTx-qhmdhz

Display Logical Volume Information

# lvs

LV     VG       Attr   LSize   Origin Snap%  Move Log Copy%  Convert
kvm    testserver_vg -wi-ao 372.53g
root   testserver_vg -wi-ao 186.26g
swap_1 testserver_vg -wi-ao  48.98g
testvm testserver_vg -wi-a-  50.00g
# lvdisplay

--- Logical volume ---
LV Name                /dev/testserver_vg/swap_1
VG Name                testserver_vg
LV UUID                k0aHZW-CCpo-GS53-GodT-7tTH-9gw7-QXoRxT
LV Write Access        read/write
LV Status              available
# open                 1
LV Size                48.98 GiB
Current LE             12540
Segments               1
Allocation             inherit
Read ahead sectors     auto
- currently set to     256
Block device           251:0

--- Logical volume ---
LV Name                /dev/testserver_vg/kvm
VG Name                testserver_vg
LV UUID                Kmm4WS-joP4-5Em4-Xvmj-CxEJ-pBD3-BPmCFl
LV Write Access        read/write
LV Status              available
# open                 1
LV Size                372.53 GiB
Current LE             95367
Segments               1
Allocation             inherit
Read ahead sectors     auto
- currently set to     256
Block device           251:1

--- Logical volume ---
LV Name                /dev/testserver_vg/root
VG Name                testserver_vg
LV UUID                UQs2ai-8qyN-32Yv-6VEL-tCde-OdFD-XA5BAh
LV Write Access        read/write
LV Status              available
# open                 1
LV Size                186.26 GiB
Current LE             47683
Segments               1
Allocation             inherit
Read ahead sectors     auto
- currently set to     256
Block device           251:2

--- Logical volume ---
LV Name                /dev/testserver_vg/testvm
VG Name                testserver_vg
LV UUID                C2Oxdf-QBbr-PRKI-Bk9B-y4EE-Qf4B-7DXZd4
LV Write Access        read/write
LV Status              available
# open                 0
LV Size                50.00 GiB
Current LE             12800
Segments               1
Allocation             inherit
Read ahead sectors     auto
- currently set to     256
Block device           251:3

Create a Logical Volume

# lvcreate -L10G -n testvm testserver_vg
Logical volume "testvm" created

Extend a Logical Volume

Extending a LV is a three step process (1) Confirm free space in the VG (2) Extend the LV (3) Resize the file system.

# vgs
VG       #PV #LV #SN Attr   VSize VFree
testserver_vg   1   4   0 wz--n- 1.23t 597.86g
# lvextend -L60G /dev/testserver_vg/testvm
or
# lvextend -L+10G /dev/testserver_vg/testvm
Extending logical volume testvm to 60.00 GiB
Logical volume testvm successfully resized
# resize2fs /dev/testserver_vg/testvm
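Step (1) is the one that gets skipped.  The shell functions below are an added example, not part of the original article: they parse vgdisplay output (fed in here as a constructed sample copied from the test VG above), convert the requested growth into physical extents, and only print the lvextend and resize2fs commands when the VG really has that many free extents.  The function names plan_extend, free_pe, pe_size_mib and extents_needed are my own; on a real host you would pass `"$(vgdisplay testserver_vg)"` instead of the sample.

```bash
# Constructed sample, trimmed from the vgdisplay output shown earlier.
VGDISPLAY_SAMPLE='  --- Volume group ---
  VG Name               testserver_vg
  PE Size               4.00 MiB
  Total PE              321442
  Alloc PE / Size       168390 / 657.77 GiB
  Free  PE / Size       153052 / 597.86 GiB'

# pe_size_mib VGDISPLAY_TEXT -> physical extent size in MiB (integer)
pe_size_mib() {
    printf '%s\n' "$1" | awk '/^[ \t]*PE Size/ { print int($3) }'
}

# free_pe VGDISPLAY_TEXT -> number of unallocated physical extents
free_pe() {
    printf '%s\n' "$1" | awk '/^[ \t]*Free +PE/ { print $5 }'
}

# extents_needed GIB PE_MIB -> extents required to grow by GIB gibibytes
extents_needed() {
    echo $(( $1 * 1024 / $2 ))
}

# plan_extend LV_PATH ADD_GIB VGDISPLAY_TEXT
# Prints the two commands for the extend procedure when the VG has room,
# otherwise prints a refusal on stderr and returns 1. Hypothetical helper.
plan_extend() {
    local lv="$1" add="$2" text="$3" pe free need
    case "$add" in
        ''|*[!0-9]*) echo "growth must be a whole number of GiB" >&2; return 1 ;;
    esac
    pe=$(pe_size_mib "$text")
    free=$(free_pe "$text")
    [ -n "$pe" ] && [ -n "$free" ] || { echo "could not parse vgdisplay output" >&2; return 1; }
    need=$(extents_needed "$add" "$pe")
    if [ "$need" -gt "$free" ]; then
        echo "refusing: +${add}G needs $need PE, VG has only $free free" >&2
        return 1
    fi
    # Relative form (-L+NG): the result does not depend on knowing the current LV size.
    printf 'lvextend -L+%sG %s\n' "$add" "$lv"
    # ext2/3/4 only; resize2fs grows the file system to fill the enlarged LV.
    printf 'resize2fs %s\n' "$lv"
}

# Example: plan_extend /dev/testserver_vg/testvm 10 "$VGDISPLAY_SAMPLE"
```

The check is exact on the extent boundary: with 4 MiB extents and 153052 free, +597G fits and +598G is refused, even though vgdisplay rounds the free space to 597.86 GiB.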

Create a Logical Volume Snapshot

When you create a snapshot you are essentially creating a second volume; from that point on, changes to the first volume are tracked in the second volume, leaving the first volume available as a point-in-time snap.

# lvcreate -L1G -s -n testsnap /dev/testserver_vg/testvm
# lvremove /dev/testserver_vg/testsnap

Scan for Changes in Disk Layout

This can be helpful if you are moving disks from one machine to the other in the event of data migrations.

# pvscan

# vgscan

# lvscan

Prepare and Add Physical Disks to a Volume Group

Create a partition on the new disk and set its type to 8e so that it can be used by LVM.

# fdisk /dev/sdb

# pvcreate /dev/sdb1

# vgextend testserver_vg /dev/sdb1

This will of course mean that by adding the PV you are gaining all of the PE which are contained therein and you would then be able to extend an LV if you were so inclined.  You could also use this process to migrate data to a new replacement disk.

Move the Physical Extents to a New Physical Volume

LVM allows us to shift the locations of the PE.  We can do this in two ways: either distribute all of the extents over the remaining PV, or specify the PV we want them moved to.

# pvmove /dev/sda
or
# pvmove /dev/sda /dev/sdb

Remove the Physical Volume from the Volume Group

# vgreduce testserver_vg /dev/sda

February 24th, 2011

BIND 9 gives us the ability to run a split DNS configuration on a single server.  In this article we will go over the configuration of the slave servers, which will transfer the zones from the master while still maintaining their views.

Now before we go any further, if you do not have a working master server with views configured you will want to review part 1 here.

Configure the Slaves

slavedns01:/# cat /etc/issue
Debian GNU/Linux 5.0 \n \l
slavedns01:/# cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 10.0.0.12
netmask 255.255.255.0
gateway 10.0.0.1

auto eth0:0
iface eth0:0 inet static
address 10.0.0.14
netmask 255.255.255.0
slavedns01:/# cat /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";

include "/etc/bind/named.conf.local";
slavedns01:/# cat /etc/bind/named.conf.options
options {
directory "/var/cache/bind";

// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

// forwarders {
//     0.0.0.0;
// };

auth-nxdomain no;    # conform to RFC1035
listen-on-v6 { any; };
};
slavedns01:/# cat /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

acl master { 10.0.0.11/32; };

acl internals { !10.0.0.1/32; 10.0.0.0/24; localhost; };

acl externals { 10.0.0.1/32; any; };

view "internal" {
match-clients { internals; };
query-source address 10.0.0.12 ;
transfer-source 10.0.0.12 ;
allow-recursion { any; };
zone "example.org" {
type slave;
file "/var/cache/bind/internal/db.example.org";
masters { 10.0.0.11; };
allow-notify { master; };
};
zone "0.0.10.in-addr.arpa" {
type slave;
file "/var/cache/bind/internal/db.reverse.10.0.0";
masters { 10.0.0.11; };
allow-notify { master; };
};
zone "." {
type hint;
file "/etc/bind/db.root";
};
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
};

view "external" {
match-clients { externals; };
query-source address 10.0.0.14 ;
transfer-source 10.0.0.14 ;
allow-recursion { none; };
zone "example.org" {
type slave;
file "/var/cache/bind/external/db.example.org";
masters { 10.0.0.11; };
allow-notify { master; };
};
};

Now as I mentioned in part 1, we are using 2 slave servers; however, I won't go into how to configure the second one, as it is exactly the same as the first with the exception of the IP addresses.  So now let's go through some of the configuration in a little more detail.

First thing we will talk about is the network configuration.  For each view we will need a different IP address, so that we can transfer the zone from the correct view.  We do this using aliases or sub-interfaces.  Below is where we have defined the interface (eth0) and the alias (eth0:0).

auto eth0
iface eth0 inet static
address 10.0.0.12
netmask 255.255.255.0
gateway 10.0.0.1

auto eth0:0
iface eth0:0 inet static
address 10.0.0.14
netmask 255.255.255.0

Now when configuring the internals acl in /etc/bind/named.conf.local, you will notice that I have included 10.0.0.0/24 while excluding 10.0.0.1.  This is because my external DNS queries are NAT'd through my firewall, so they appear to come from the firewall's internal interface.  This acl is later referenced by the match-clients statement in the view.  Additionally you will need to specify both query-source address and transfer-source; these parameters ensure that requests leave from the correct IP when transferring the zones from the master, so the master's views hand back the zone that belongs to this view.

acl internals { !10.0.0.1/32; 10.0.0.0/24; localhost; };

acl externals { 10.0.0.1/32; any; };

view "internal" {
match-clients { internals; };
query-source address 10.0.0.12 ;
transfer-source 10.0.0.12 ;
allow-recursion { any; };

This should complete the configuration of your split DNS using BIND 9 views.

February 24th, 2011

In almost all organizations the network infrastructure needs to be designed in such a way as to allow both internal and external name resolution, authoritatively.  In most organizations this has been accomplished by having separate internal and external servers.  Clearly that approach is functional and simpler, but it is also wasteful considering how few resources DNS actually requires.  BIND 9 gives us a new method to manage these configurations: the idea is that you create a view which references specific zones based on the network location the query is coming from.

This is how the series will be broken down.

Part 1 Configuring the master server.

Part 2 Configuring the slave server(s).

Environment Details

- 1 Master (does not service requests from clients)

- 2 Slaves (which service requests from clients)

- Service both Internal and External requests (allowing recursion on Internal requests only)


Configure the Master

masterdns01:/# cat /etc/issue
Debian GNU/Linux 5.0 \n \l
masterdns01:/# cat /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 10.0.0.11
netmask 255.255.255.0
gateway 10.0.0.1
masterdns01:/# cat /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";

include "/etc/bind/named.conf.local";
masterdns01:/# cat /etc/bind/named.conf.options
options {
directory "/var/cache/bind";

// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

// forwarders {
//      0.0.0.0;
// };

auth-nxdomain no;    # conform to RFC1035
listen-on-v6 { any; };
};
masterdns01:/# cat /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

acl internal-slaves { 10.0.0.12/32; 10.0.0.13/32; };
acl external-slaves { 10.0.0.14/32; 10.0.0.15/32; };

acl internals { !10.0.0.1/32; !10.0.0.13/32; !10.0.0.15/32; 10.0.0.0/24; localhost; };
acl externals { 10.0.0.1/32; 10.0.0.13/32; 10.0.0.15/32; any; };

view "internal" {
match-clients { internals; };
allow-recursion { any; };
zone "example.org" {
type master;
file "/etc/bind/internal/db.example.org";
allow-transfer { internal-slaves; };
};
zone "0.0.10.in-addr.arpa" {
type master;
file "/etc/bind/internal/db.reverse.10.0.0";
allow-transfer { internal-slaves; };
};
zone "." {
type hint;
file "/etc/bind/db.root";
};
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
};

view "external" {
match-clients { externals; };
allow-recursion { none; };
zone "example.org" {
type master;
file "/etc/bind/external/db.example.org";
allow-transfer { external-slaves; };
};
};

masterdns01:/# cat /etc/bind/internal/db.example.org
;BIND db file for example.org INTERNAL
;
$TTL 1d
;
; The SOA RNAME is a mailbox written as a domain name, so the "@" of
; hostmaster@example.org is replaced by a dot.
@       IN      SOA     masterdns01.example.org.        hostmaster.example.org. (
                110223001       ;serial number YYMMDDNNN
                8h              ;refresh
                2h              ;retry
                2d              ;expire
                6h              ;min ttl
                )
; Leading whitespace makes these records inherit the owner name (@) above.
        IN      NS      masterdns01.example.org.
        IN      NS      slavedns01.example.org.
        IN      NS      slavedns02.example.org.

$ORIGIN example.org.

masterdns01     IN      A       10.0.0.11
slavedns01      IN      A       10.0.0.12
slavedns02      IN      A       10.0.0.13
www             IN      A       10.0.0.51
server          IN      A       10.0.0.55

masterdns01:/# cat /etc/bind/external/db.example.org
;BIND db file for example.org EXTERNAL
;
$TTL 1d
;
@       IN      SOA     masterdns01.example.org.        hostmaster.example.org. (
                110223001       ;serial number YYMMDDNNN
                8h              ;refresh
                2h              ;retry
                2d              ;expire
                6h              ;min ttl
                )
        IN      NS      ns1.example.org.
        IN      NS      ns2.example.org.

$ORIGIN example.org.

ns1             IN      A       1.1.1.1
ns2             IN      A       1.1.1.2
www             IN      A       1.1.1.3
masterdns01:/# cat /etc/bind/internal/db.reverse.10.0.0
;BIND db file for 10.0.0 INTERNAL
;
$TTL 1d
;
@       IN      SOA     masterdns01.example.org.        hostmaster.example.org. (
                110223001       ;serial number YYMMDDNNN
                8h              ;refresh
                2h              ;retry
                2d              ;expire
                6h              ;min ttl
                )
        IN      NS      masterdns01.example.org.
        IN      NS      slavedns01.example.org.
        IN      NS      slavedns02.example.org.

11      IN      PTR     masterdns01
12      IN      PTR     slavedns01
13      IN      PTR     slavedns02
51      IN      PTR     www
55      IN      PTR     server

So to look a little bit closer at the setup of the view itself…

Below you will see an excerpt of the /etc/bind/named.conf.local

Some important things to note.  You might notice that I have excluded some individual IP addresses from the internals acl (10.0.0.1, 10.0.0.13, and 10.0.0.15); I do this by putting an exclamation point before the address.  This is common in Unix, where it is read as the negation of whatever it is combined with, so != is "not equal".  The reasoning is quite simple: one device is the firewall.  Since my external DNS traffic is NAT'd through the firewall, the external queries actually end up coming from the internal interface of the firewall (from the perspective of the DNS server).  The other two devices are the slaves; if you do not exclude these, you will end up downloading your internal zones into all of the views on the slave servers, rendering your views nearly worthless.

acl internals { !10.0.0.1/32; !10.0.0.13/32; !10.0.0.15/32; 10.0.0.0/24; localhost; };
acl externals { 10.0.0.1/32; 10.0.0.13/32; 10.0.0.15/32; any; };

view "internal" {
match-clients { internals; };
allow-recursion { any; };
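Both the slave excerpt in part 2 and the master excerpt above rely on every name inside match-clients being an acl that is actually defined; named refuses to load a config that references an undefined acl, and in a split-horizon setup that outage also stops the zone transfers.  The check below is an added example, not part of the original article: it pulls the acl definitions and the match-clients references out of a named.conf.local text and reports every reference that has no definition.  named-checkconf is the authoritative tool for this; the function is only a quick pre-commit sanity check that runs anywhere.  The function name check_view_acls and the two constructed sample configs are my own.

```bash
# check_view_acls CONFIG_TEXT
# Prints every name referenced inside a match-clients { ... } list that has no
# matching "acl NAME { ... };" definition in the same text. Returns 1 if any
# reference is undefined, 0 otherwise. Hypothetical helper.
check_view_acls() {
    local text="$1" defined used name missing=0
    # Names introduced by "acl NAME {"
    defined=$(printf '%s\n' "$text" |
        sed -n 's/^[[:space:]]*acl[[:space:]]\{1,\}\([A-Za-z0-9_-]*\).*/\1/p')
    # Contents of each match-clients list, one element per line, no whitespace
    used=$(printf '%s\n' "$text" |
        sed -n 's/.*match-clients[[:space:]]*{\([^}]*\)}.*/\1/p' |
        tr ';' '\n' | tr -d ' \t')
    for name in $used; do
        case "$name" in
            any|none|localhost|localnets) continue ;;   # built-in acls
            [0-9]*|!*) continue ;;                       # literal addresses / negations
        esac
        if ! printf '%s\n' "$defined" | grep -qx -- "$name"; then
            echo "undefined acl in match-clients: $name"
            missing=1
        fi
    done
    return $missing
}

# Constructed sample: acl names do not match the names used in match-clients
# (acl internal vs. internals), which is exactly the mistake this check catches.
SAMPLE_BROKEN='acl internal { !10.0.0.1/32; 10.0.0.0/24; localhost; };
acl external { 10.0.0.1/32; any; };
view "internal" { match-clients { internals; }; allow-recursion { any; }; };
view "external" { match-clients { externals; }; allow-recursion { none; }; };'

# Constructed sample with the acl names and references agreeing.
SAMPLE_FIXED='acl internals { !10.0.0.1/32; 10.0.0.0/24; localhost; };
acl externals { 10.0.0.1/32; any; };
view "internal" { match-clients { internals; }; allow-recursion { any; }; };
view "external" { match-clients { externals; }; allow-recursion { none; }; };'

# Example: check_view_acls "$(cat /etc/bind/named.conf.local)"
```

Because the function only looks at one text, acls defined in a file that is included elsewhere will be reported as undefined; concatenate the included files first, or treat a report as a prompt to run named-checkconf rather than a verdict.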

In part 2 we will be configuring the slave servers.
