BIND transferring zones with incorrect view

Matthew Pounsett matt at conundrum.com
Thu Dec 22 21:07:28 UTC 2016


On 22 December 2016 at 13:05, Asai <asai at globalchangemusic.org> wrote:

> Still trying to figure this out, still am not doing something right.  I’m
> still getting REFUSED when trying to do transfers from Master to Slave.
> Not sure what I’m doing wrong, so please point out my errors here.  I have
> two views, but neither are getting any transfers so I’ve only included one
> in the config.
>

It would help if you included your entire config.  You're likely editing
out important things.
At the very least, your supplied config is missing the server{} statements
necessary to use TSIG in your zone transfer requests.


>
> Here’s my part of my config for Master and Slave:
>
> MASTER (10.233.0.198):
>
> key WAN-key {
>         algorithm hmac-md5;
>         secret "FsrWAd2G5saYSd3bOx0mw==";
>         };
>
> key LAN-key {
>         algorithm hmac-md5;
>         secret "4hKGvi4BDswdTD2f1sEE2i==";
>         };
>
> acl lan_hosts { key LAN-key; !key WAN-key; 192.168.0.0/16; 10.233.0.0/24;
> localhost; };
> acl wan_queries { key WAN-key; !key LAN-key; !192.168.0.0/16; !
> 10.233.0.0/24; };
>
> include "/etc/rndc.key";
> controls {
>         inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
>  };
>
> view "LAN" {
>
> match-clients { lan_hosts; };
> allow-transfer { key LAN-key; };
> also-notify { 10.233.0.189 key LAN-key; };
>
> zone "intranet.site" {
> type slave;
> masters {
> 10.233.0.198;
> };
> file "/var/named/slaves/intranet.site.LAN.hosts";
> };
> }
>
>
>
>
> SLAVE (10.233.0.189):
>
> key WAN-key {
>         algorithm hmac-md5;
>         secret "FsrWAd2G5saYSd3bOx0mw==";
>         };
>
> key LAN-key {
>         algorithm hmac-md5;
>         secret "4hKGvi4BDswdTD2f1sEE2i==";
>         };
>
> acl lan_hosts { key LAN-key; !key WAN-key; 192.168.0.0/16; 10.233.0.0/24;
> localhost; };
> acl wan_queries { key WAN-key; !key LAN-key; !192.168.0.0/16; !
> 10.233.0.0/24;  };
>
> include "/etc/rndc.key";
> controls {
>         inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
>  };
>
> view "LAN" {
>
> match-clients { lan_hosts; };
>
> zone "intranet.site" {
> type slave;
> masters {
> 10.233.0.198;
> };
> file "/var/named/slaves/intranet.site.LAN.hosts";
> };
> }
>
>
>
> On Dec 21, 2016, at 10:59 AM, Asai <asai at globalchangemusic.org> wrote:
>
> Yes, thank you.  I think Mark’s link to the article is the proper
> solution.  Thank you for your reply.
>
>
> On Dec 21, 2016, at 10:55 AM, Matthew Pounsett <matt at conundrum.com> wrote:
>
>
>
> On 20 December 2016 at 16:45, Asai <asai at globalchangemusic.org> wrote:
>
>> Greetings,
>>
>> Quick question.  Using BIND 9.9.4.  I have 2 zones.  One for LAN traffic,
>> and one for WAN traffic.  My secondary server is transferring the wrong
>> zones, so that my WAN zone has all the A records for my LAN zone.
>>
>> Any insights on this?
>>
> Most likely you've misconfigured your master server such that the slave
> (secondary) sees the wrong zone when doing zone transfers.  But, because
> you haven't provided any real detail about your configuration, no one is
> going to be able to provide much in the way of advice about how to fix it.
>
> You should read the article that Mark Andrews linked, and if you still are
> not able to solve the problem you should return with some details about
> your setup.
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
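Added example (not part of the original message or of either poster's configuration): a sketch of the slave side with the `server` statements the reply refers to, one per view, so that each view's transfer requests to the master are TSIG-signed with that view's key. Key names, addresses and the LAN file path are taken from the thread; the secrets are placeholders, and the WAN view's `match-clients` list and file name are assumptions, since the thread shows only the LAN view.

```conf
// Slave 10.233.0.189, sketch only. Secrets are placeholders and must be
// identical to the ones configured on the master 10.233.0.198.
key LAN-key { algorithm hmac-md5; secret "<LAN-secret-placeholder>"; };
key WAN-key { algorithm hmac-md5; secret "<WAN-secret-placeholder>"; };

view "LAN" {
        // ACL elements are tested in order and the first match decides,
        // so a request signed with WAN-key can never land in this view.
        match-clients { key LAN-key; !key WAN-key; 192.168.0.0/16;
                        10.233.0.0/24; localhost; };

        // Sign everything this view sends to the master with LAN-key.
        // Without this the AXFR/IXFR request goes out unsigned, and an
        // "allow-transfer { key LAN-key; };" on the master does not match it.
        server 10.233.0.198 { keys { LAN-key; }; };

        zone "intranet.site" {
                type slave;
                masters { 10.233.0.198; };
                file "/var/named/slaves/intranet.site.LAN.hosts";
        };
};

view "WAN" {
        // Assumed match list: the thread does not show the WAN view.
        match-clients { key WAN-key; !key LAN-key; any; };

        // Same master address, different key: the master's match-clients
        // selects its WAN view for requests signed with WAN-key.
        server 10.233.0.198 { keys { WAN-key; }; };

        zone "intranet.site" {
                type slave;
                masters { 10.233.0.198; };
                // Hypothetical file name; each view needs its own file.
                file "/var/named/slaves/intranet.site.WAN.hosts";
        };
};
```

Running `named-checkconf` on the file catches syntax errors before the server is reloaded.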