Syncing Multiple (like, 10) Views using TSIG.. example?
Thom Brooks
bind-mail at unithom.com
Sat Feb 17 01:18:44 UTC 2007
I have looked at the man pages and reviewed the mailing list archives, but
have not yet found a solution...
We have multiple views on a master DNS server running BIND 9.3.
One of them is 'outside' and there are about six or seven 'internal' views
(one per VLAN/subnet).
This was necessary because some of the machines (file servers) in our
environment have multiple IP addresses so that if a client from the 'design'
department asks for the file server address, it can access it directly without
having to go through the router or firewall. If a client from the 'staff'
subnet asks for the same hostname, it'll get a different IP, etc.
I have seen the example config of 9.3 using TSIG that is supposed to let AXFRs
happen with just one IP address for master and slave servers.
The master is configured and appears to work correctly. It answers queries
from different internal subnets, and the main external view, correctly.
However, the slave seems to be getting the views screwed up. I'm sure that
it's not configured properly... because 'internal only' (e.g. 192.168.x.x)
addresses are showing up in the external, 'public' view, and vice versa. I
think I'm probably not using ! (bang) to negate specific keys in
the match-clients statement.
But rather than post specific configuration files here, could I make a request
that would benefit a lot more people who may be trying to do the same thing
and ask if someone could kindly extend the example seen at
http://www.bind9.net/BIND-FAQ to perhaps include views 'internal1' and
'internal2', and copy that example config in a response to my message here?
Thanks for your time.
Thom Brooks
Adler Planetarium and Astronomy Museum
Chicago, IL
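
An added example, not part of the original message and not the BIND FAQ's own text: one way to extend the one-key-per-view TSIG pattern the message refers to so that it covers 'internal1', 'internal2' and 'external', with the negated keys in match-clients. The addresses, subnets, key names, zone name, file paths and secrets are all constructed placeholders.

```conf
// Same three key statements on master (10.0.0.1) and slave (10.0.0.2), one key per view.
// hmac-md5 follows the FAQ example; current BIND releases also accept hmac-sha256.
// Secrets are placeholders: generate real ones and keep them out of world-readable files.
key "int1-key" { algorithm hmac-md5; secret "BASE64-SECRET-1-PLACEHOLDER"; };
key "int2-key" { algorithm hmac-md5; secret "BASE64-SECRET-2-PLACEHOLDER"; };
key "ext-key"  { algorithm hmac-md5; secret "BASE64-SECRET-3-PLACEHOLDER"; };

// ---- Master (10.0.0.1) ----
// Views are tried in order; within match-clients the first matching element decides.
// Each view accepts its own key, rejects the other views' keys, then matches by address.
view "internal1" {
    match-clients { key int1-key; !key int2-key; !key ext-key; 192.168.1.0/24; };
    server 10.0.0.2 { keys { int1-key; }; };   // NOTIFY to the slave is signed per view
    zone "example.com" { type master; file "internal1/example.com.db"; allow-transfer { key int1-key; }; };
};
view "internal2" {
    match-clients { key int2-key; !key int1-key; !key ext-key; 192.168.2.0/24; };
    server 10.0.0.2 { keys { int2-key; }; };
    zone "example.com" { type master; file "internal2/example.com.db"; allow-transfer { key int2-key; }; };
};
view "external" {
    match-clients { key ext-key; !key int1-key; !key int2-key; any; };
    server 10.0.0.2 { keys { ext-key; }; };
    recursion no;
    zone "example.com" { type master; file "external/example.com.db"; allow-transfer { key ext-key; }; };
};

// ---- Slave (10.0.0.2) ----
// Identical match-clients; the per-view server statement makes the slave sign its
// SOA queries and AXFR requests with that view's key, so the master picks the same view.
view "internal1" {
    match-clients { key int1-key; !key int2-key; !key ext-key; 192.168.1.0/24; };
    server 10.0.0.1 { keys { int1-key; }; };
    zone "example.com" { type slave; masters { 10.0.0.1; };
                         file "internal1/example.com.bak"; allow-transfer { none; }; };
};
view "internal2" {
    match-clients { key int2-key; !key int1-key; !key ext-key; 192.168.2.0/24; };
    server 10.0.0.1 { keys { int2-key; }; };
    zone "example.com" { type slave; masters { 10.0.0.1; };
                         file "internal2/example.com.bak"; allow-transfer { none; }; };
};
view "external" {
    match-clients { key ext-key; !key int1-key; !key int2-key; any; };
    server 10.0.0.1 { keys { ext-key; }; };
    recursion no;
    zone "example.com" { type slave; masters { 10.0.0.1; };
                         file "external/example.com.bak"; allow-transfer { none; }; };
};
```

Because the key elements come before the address elements, a signed request from the other server is routed by its key even when that server's own address falls inside one of the internal subnets.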