Trouble updating zones in a multi-view scenario

Justin Shore justin at justinshore.com
Thu Nov 13 06:08:33 UTC 2008


Res wrote:
> Is that the only difference or just main difference? IOW, why not just 
> allow the "trusted" ACL members to do recursive, it'll shorten things a 
> lot.

Well, that's the most important difference to me.  If you look at the 
config from the email archives there are some other differences such as 
additional-from-auth/cache, provide-ixfr, allow-transfer, and some zone 
file differences.  Some of those would allow a list as an argument but I 
don't think all of them do, do they?  My main goal was to limit 
recursion to our clients only and provide root hints for the non-trusted 
queries.  There were a few other less important differences too.

> options {
>  <snip>
>         allow-recursion { trusted; };
> };
> 
> What does messages file say?

It reports that the updated zone was loaded into the trusted view but 
doesn't mention the non-trusted or chaos zones (I forgot about the 3rd 
chaos zone).  It also bitches about the journal file since I have the config 
set up to allow IXFRs but am manually editing the zone files instead of 
using nsupdate.  That shouldn't be a problem though, IMHO.  It just 
means IXFRs are broken so XFRs run as AXFRs.  This is confirmed by the 
next 2 lines where my slave AXFRs the updated zone.

Nov 12 23:39:39 maple1 named[12813]: reloading zones succeeded
Nov 12 23:39:39 maple1 named[12813]: zone zone.net/IN/trusted: loaded serial 2008111206
Nov 12 23:39:39 maple1 named[12813]: zone zone.net/IN/trusted: sending notifies (serial 2008111206)
Nov 12 23:39:39 maple1 named[12813]: malformed transaction: my/my-zones/zone.net.master.jnl last serial 2008111206 != transaction
Nov 12 23:39:39 maple1 named[12813]: client aaa.bbb.ccc.ddd#44588: view trusted: transfer of 'zone.net/IN': AXFR started
Nov 12 23:39:39 maple1 named[12813]: client aaa.bbb.ccc.ddd#44588: view trusted: transfer of 'zone.net/IN': AXFR ended

Should I see the zone loaded into 2 different zones like what I see when 
named first starts up?  I see both trusted and non-trusted zone loading 
entries then.

Thanks
  Justin
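
An added example, not part of the original post: a small Python check that reads named's "loaded serial" messages and reports, per zone, which views are still on an older serial than another view of the same zone. The startup lines and the serial 2008111205 in the sample are constructed; the reload lines follow the log format quoted in the message above.

```python
import re
from collections import defaultdict

# Matches named's "zone <name>/<class>/<view>: loaded serial <n>" message.
LOADED = re.compile(
    r"zone (?P<zone>\S+)/(?P<cls>[A-Z]+)/(?P<view>[^\s:]+): loaded serial (?P<serial>\d+)"
)

# Constructed sample: both views load at startup, then a reload after a manual
# zone file edit is logged for the trusted view only.
SAMPLE_LOG = """\
Nov 12 22:10:01 maple1 named[12813]: zone zone.net/IN/trusted: loaded serial 2008111205
Nov 12 22:10:01 maple1 named[12813]: zone zone.net/IN/non-trusted: loaded serial 2008111205
Nov 12 23:39:39 maple1 named[12813]: reloading zones succeeded
Nov 12 23:39:39 maple1 named[12813]: zone zone.net/IN/trusted: loaded serial 2008111206
Nov 12 23:39:39 maple1 named[12813]: zone zone.net/IN/trusted: sending notifies (serial 2008111206)
""".splitlines()


def view_serials(lines):
    """Return {zone/class: {view: last serial logged as loaded}}."""
    serials = defaultdict(dict)
    for line in lines:
        m = LOADED.search(line)
        if m:
            serials[f"{m['zone']}/{m['cls']}"][m["view"]] = int(m["serial"])
    return {zone: dict(views) for zone, views in serials.items()}


def stale_views(lines):
    """Return {zone/class: [views behind the newest serial seen in any view]}.

    Plain integer comparison; RFC 1982 serial wraparound is not handled.
    """
    report = {}
    for zone, views in view_serials(lines).items():
        newest = max(views.values())
        behind = sorted(v for v, s in views.items() if s < newest)
        if behind:
            report[zone] = behind
    return report


if __name__ == "__main__":
    for zone, views in stale_views(SAMPLE_LOG).items():
        print(f"{zone}: views still on an older serial: {', '.join(views)}")
```

A view that is behind here answers its clients with older zone data than the other view, so the check is worth running after every manual edit and reload.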

