Zone transfer over VPN

Grant Taylor gtaylor at tnetconsulting.net
Wed Sep 7 04:28:09 UTC 2022


On 9/6/22 4:16 PM, Michael De Roover wrote:
> once I tried to do the same on the satellite network, BIND on the main 
> network would see the zone transfer as coming from 192.168.10.51 or 
> 192.168.10.52 -- instead of coming from 192.168.20.3 -- and refuse 
> it. The same is true the other way around, where the name server on 
> the satellite network sees zone transfers from the main network as 
> coming from 192.168.20.1 instead.

This screams of a VPN / routing / NATing / masquerading problem to me.

I would expect that BIND would see the traffic as sourced from the name 
server's LAN IP, not the local VPN gateway IP.

Presuming that the routing is working correctly, you should be able to 
configure BIND ACLs as you indicate you tried to do.



-- 
Grant. . . .
unix || die
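
The diagnosis above can be checked from the primary's own log. This is an added example, not part of the original message: it reads BIND "zone transfer ... denied" lines and reports whether each rejected source is the expected peer or an address rewritten on the VPN path. The log lines, the zone name `example.lan` and the /24 prefix are constructed assumptions; only the IP addresses come from the thread.

```python
import ipaddress
import re

# Assumptions for illustration (only the addresses come from the thread):
EXPECTED_PEER = ipaddress.ip_address("192.168.20.3")   # satellite name server
LOCAL_LAN = ipaddress.ip_network("192.168.10.0/24")    # assumed /24 main LAN

# Shape of BIND's "zone transfer ... denied" message.
DENIED = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<src>[0-9a-fA-F.:]+)#\d+ "
    r"\((?P<zone>[^)]+)\): zone transfer '[^']+' denied"
)

# Constructed sample log lines, not taken from the thread.
SAMPLE_LOG = """\
07-Sep-2022 04:10:01.101 client @0x7f10a4 192.168.10.51#40231 (example.lan): zone transfer 'example.lan/AXFR/IN' denied
07-Sep-2022 04:10:07.552 client @0x7f10b8 192.168.10.52#51877 (example.lan): zone transfer 'example.lan/AXFR/IN' denied
07-Sep-2022 04:11:30.009 client @0x7f10cc 203.0.113.9#33010 (example.lan): zone transfer 'example.lan/AXFR/IN' denied
07-Sep-2022 04:12:00.400 client @0x7f10e0 192.168.10.7#49152 (example.lan): query: example.lan IN SOA +
"""

def classify(src):
    """Explain why a denied transfer's source address is suspicious or not."""
    addr = ipaddress.ip_address(src)
    if addr == EXPECTED_PEER:
        return "expected-peer"        # routing is fine; the ACL itself is wrong
    if addr in LOCAL_LAN:
        return "rewritten-to-local"   # source NAT/masquerade on the VPN path
    return "unknown-source"           # not the peer at all; keep denying

def denied_transfers(log_text):
    """Return (source, zone, classification) for each denied transfer."""
    out = []
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if m:
            out.append((m["src"], m["zone"], classify(m["src"])))
    return out

if __name__ == "__main__":
    for src, zone, verdict in denied_transfers(SAMPLE_LOG):
        print(f"{zone}: denied AXFR from {src} -> {verdict}")
```

A `rewritten-to-local` result points at the VPN or NAT configuration rather than at the ACL; widening `allow-transfer` to cover the whole local subnet would hide the symptom while letting any local host pull the zone.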
