View selection via TSIG
Mark Andrews
marka at isc.org
Wed Aug 19 23:30:27 UTC 2009
In message <6913B169-0B0E-42E0-BC30-92D188036688 at tcbug.org>, Josh Paetzel write
s:
>
> On Aug 19, 2009, at 11:07 AM, Kirk wrote:
>
> >
> >> logging {
> >> channel my_log {
> >> file "/var/log/bind/named.log" versions 3 size 5m;
> >> severity warning;
> >> print-time yes;
> >> print-severity yes;
> >> print-category yes;
> >> };
> >> category "notify" {
> >> my_log;
> >> };
> >> };
> >> I've changed the category to default to make sure that it can log
> >> that and it can.
> >> Thanks,
> >> Josh Paetzel
> >
> > Josh,
> >
> > I can't answer your question about views, but here is the pertinent
> > logging statements I am using and seems to work.
> >
> > channel "notify" {
> > file "logs/notify_log" versions 2 size 1m;
> > print-time yes;
> > };
> > category "notify" { notify; };
> >
> > If you are running chroot you might wanna verify that named can log
> > to the directory you listed in your logging statement.
> >
>
>
> Thanks. That worked, and I was quickly able to see what I was doing
> wrong. My primary nameserver was matching an IP in one of the
> views. So all the notifies were seen by slave as being in that one
> view. IPs override keys.
Acl matches are order sensitive. The !key is in the examples to prevent
the signed message matching the view and moving onto the next one.
> Issue solved, thanks everyone who helped.
>
> Thanks,
>
> Josh Paetzel
>
>
>
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list