special solution needed please
Walter H.
Walter.H at mathemainzel.info
Sun Dec 20 11:27:23 UTC 2020
Hello,

I'm using BIND as a caching resolver and also as an authoritative DNS server for a locally used '.home.arpa' domain; I have two BINDs, one as a master and the other as a slave. Two views are also used, because there are some zones, e.g. 100.168.192.in-addr.arpa, or some public zones that are 'rewritten' to be resolved by a local web server, e.g. msftncsi.com, that are only needed on one part of the LAN or are not wanted on the other part of the LAN.

Let's say the master has 2001:db8:0:0:0::10 and the slave has 2001:db8:0:0:0::1; the named.conf looks like this:
    // ACL for the common part of the LAN, where some zones are not wanted
    acl part-common {
        localhost;               // or shall this be in the other ACL, for the special part?
        2001:db8:0:0:0::1;       // I thought this would be a good idea
        2001:db8:0:0:0::10;
        !2001:db8:0:0:0::/80;    // not for the special part, but the DNS servers themselves
                                 // are in there and are common to the complete LAN
        2001:db8:0:0::/64;
    };
    // ACL for the special part of the LAN, which has some extra zones
    // that are not wanted in the common part above
    acl part-spcl {
        !2001:db8:0:0:0::1;      // the reason above
        !2001:db8:0:0:0::10;
        2001:db8:0:0:0::/80;     // only the special part with some extra zones
    };
    acl slave-dns-ip {
        2001:db8:0:0:0::1;
    };
    masters dns-master { 2001:db8:0:0:0::10; };
    view "commonpart" {
        match-clients { part-common; };
        ...
        include "lan.zones";
    };
    view "spclpart" {
        match-clients { part-spcl; };
        ...
        include "lan.zones";
        include "extra.zones";   // here are the extra zones
    };
At the master, the "lan.zones" file looks like this:

    zone "lan.home.arpa" IN {
        type master;
        notify yes;
        file "named.zone-lan.home.arpa";
        allow-transfer { slave-dns-ip; };
        allow-update { none; };
    };
At the slave, the "lan.zones" file looks like this:

    zone "lan.home.arpa" IN {
        type slave;
        masters { dns-master; };
        file "slaves/named.zone-lan.home.arpa";
    };
And now the problem: when I modify 'named.zone-lan.home.arpa' and force the transfer to the slave with 'rndc reload', the test of whether this works fails for clients from the special part that explicitly ask the slave - why?

    nslookup www.lan.home.arpa 2001:db8:0:0:0::1

works only from clients that are not in the special part of the LAN, even though the zone is in both views ...; a complete restart of BIND resolves this, but this can't be the way, as it throws away the cached part in memory ...

    nslookup www.lan.home.arpa 2001:db8:0:0:0::10

works from any client.

How can I address this? Any hints/suggestions would be great.

Thanks,
Walter
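An added example, not part of the thread, that walks the two ACLs from the post with BIND's first-match rule (the first element that matches decides, and a negated element denies) and reports which view a given source address would land in. The ACL contents are copied from the named.conf above; "localhost" is approximated as the loopback prefixes, which is an assumption. Checking the master's own address 2001:db8:0:0:0::10 against the slave's views this way is one thing to compare with the view whose copy of the zone goes stale.

```python
import ipaddress

# Constructed model of the ACLs from the post; "localhost" is assumed to mean
# the loopback prefixes (BIND's built-in ACL also covers local interfaces).
ACLS = {
    "localhost": ["127.0.0.0/8", "::1/128"],
    "part-common": [
        "localhost",
        "2001:db8:0:0:0::1",
        "2001:db8:0:0:0::10",
        "!2001:db8:0:0:0::/80",
        "2001:db8:0:0::/64",
    ],
    "part-spcl": [
        "!2001:db8:0:0:0::1",
        "!2001:db8:0:0:0::10",
        "2001:db8:0:0:0::/80",
    ],
}

# Views in named.conf order, each with its match-clients ACL.
VIEWS = [("commonpart", "part-common"), ("spclpart", "part-spcl")]

def acl_matches(name, addr, acls=ACLS):
    """First-match evaluation of an address_match_list.
    Returns True when the first matching element is positive (permit),
    False when it is negated (deny) and None when nothing matched."""
    ip = ipaddress.ip_address(addr)
    for element in acls[name]:
        negated = element.startswith("!")
        target = element.lstrip("!")
        if target in acls:  # nested ACL name: a hit only on a positive match
            hit = acl_matches(target, addr, acls) is True
        else:
            hit = ip in ipaddress.ip_network(target, strict=False)
        if hit:
            return not negated  # the first element that matches decides
    return None

def select_view(addr, views=VIEWS, acls=ACLS):
    """Return the first view whose match-clients permits addr, or None."""
    for view, acl in views:
        if acl_matches(acl, addr, acls) is True:
            return view
    return None

if __name__ == "__main__":
    for addr in ("2001:db8:0:0:0::10", "2001:db8::5", "2001:db8:0:0:1::5"):
        print(addr, "->", select_view(addr))
```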