Shared dynamic zone on external view?
Nicolas C.
bind at nryc.fr
Wed Nov 7 16:08:54 UTC 2012
Hello,
I have a dynamic zone on an external view, this zone is updated with a
TSIG key from outside of our network. There is a secondary DNS server,
also outside our network on which zone transfers are working fine with
no key.
We would like to make one of our internal DNS secondary for this zone
and we have the "dynamic zone shared between views" problem. I tried to
follow the FAQ but no luck so far.
I'm not sure that what I'm trying to do is possible, can someone confirm
this?
Should I follow the FAQ and make my dynamic zone "master" on the
"internal" view? That makes less sense to us because these are public
zones, updated from the outside.
This is my configuration:

    view "internal" {
        match-clients {
            !key external;
            key shared;
            <IPv4/IPv6 ranges including IPv4-of-my-DNS>
        };
        zone "<my_zone>" {
            type slave;
            file "db.shared-int";
            masters { IPv4-of-my-DNS; };
            transfer-source IPv4-of-my-DNS;
        };
    };
    view "external" {
        match-clients { !key shared; any; };
        allow-transfer { IPv4-of-my-DNS; };
        server IPv4-of-my-DNS { keys { shared; }; };
        zone "<my_zone>" {
            type master;
            file "db.shared-ext";
            notify yes;
            also-notify { IPv4-of-my-DNS; };
            update-policy {
                grant another-key subdomain <my_zone> ANY;
                grant principal@REA.LM subdomain <my_zone> ANY;
            };
        };
    };

When I reload the configuration or try to initiate a zone transfer with
dig and the "shared" key, I get this message in the logs:
zone <my_zone>/IN/internal: refresh: unexpected rcode (SERVFAIL) from
master IPv4-of-my-DNS#53 (source IPv4-of-my-DNS#0)
Regards,
Nicolas
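
The following is an added illustration, not part of the original post and not BIND code: a small Python model of named's first-match evaluation of `match-clients`, applied to the two views as posted, showing which view receives a request for a given source address and TSIG key. The address and network values are constructed stand-ins for the post's placeholders.

```python
import ipaddress

# Constructed stand-ins for the post's placeholders (assumptions, not real values).
SERVER_IP = "192.0.2.53"           # stands for "IPv4-of-my-DNS"
INTERNAL_NETS = ["192.0.2.0/24"]   # stands for "<IPv4/IPv6 ranges including IPv4-of-my-DNS>"

# match-clients lists in the order the views appear in the posted configuration.
# Each element is (negated, kind, value).
VIEWS = [
    ("internal", [(True, "key", "external"), (False, "key", "shared")]
                 + [(False, "net", n) for n in INTERNAL_NETS]),
    ("external", [(True, "key", "shared"), (False, "any", None)]),
]

def element_matches(kind, value, src, tsig_key):
    """Does one address-match-list element match this request?"""
    if kind == "any":
        return True
    if kind == "key":
        return tsig_key == value
    return ipaddress.ip_address(src) in ipaddress.ip_network(value)

def acl_accepts(acl, src, tsig_key):
    """The first matching element decides; a negated match rejects the list."""
    for negated, kind, value in acl:
        if element_matches(kind, value, src, tsig_key):
            return not negated
    return False

def select_view(src, tsig_key=None):
    """Views are tried in configuration order; the first accepting view wins."""
    for name, acl in VIEWS:
        if acl_accepts(acl, src, tsig_key):
            return name
    return None

if __name__ == "__main__":
    cases = [
        ("unsigned refresh from the server's own address", SERVER_IP, None),
        ("request signed with key 'shared'", SERVER_IP, "shared"),
        ("request signed with key 'external'", SERVER_IP, "external"),
        ("unsigned query from an outside address", "198.51.100.7", None),
    ]
    for label, src, key in cases:
        print(f"{label:50} -> {select_view(src, key)}")
```

In this model, an unsigned request from the server's own address and a request signed with `shared` are both answered by the "internal" view, which holds the slave copy of the zone; only a request signed with `external`, or one from outside the internal ranges, reaches the "external" master.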