BIND 9.1.0 Views and Slave

Sat Mar 10 01:58:42 UTC 2001

	Use transfer-source to specify a address not in the first view
	but in the second view.

> Still not getting the zone transfers to work correctly. What I discovered is
> that when the slave goes to get the zone transfer it matches the
> allow-transfer on the first view in the list, and if its denied in this view
> it never looks to the next view.
> So in my example below a slave in my internal-dns acl will never get a zone
> trnasfer. It gets denied from the external view and dosen't go any further.
> Paul
> 
> view "external" {
>       match-clients { any; };
>       recursion no;
>       allow-transfer { external-dns; };
> 
>       zone "sou.edu" {
>            type master;
>            file "sou-external.db";
>       };
> };
> 
> 
> view "internal" {
>       match-clients { our-nets; };
>       recursion yes;
>       allow-transfer { internal-dns;};
>       zone "sou.edu" {
>             type master;
>             file "sou.db";
> 
>       };
> };
> 
> 
> 
> Sak Wathanasin wrote:
> 
> > Paul Lieberman wrote:
> > >
> > > I setup views for internal and external access on my master server as in
> > > the docs and it works great. However on my slave server the external
> > > view file has everything from the internal view.
> > > Anyone have any experience in configuring the slave server when using
> > > views?
> >
> > Yes, works just fine here; this is how I set up the named.conf on the
> > master:
> >
> > view "internal_view" {
> >         # Internal zones not visible to the world
> >         match-clients { !dmzServers; internal_net; localhost; };
> >         allow-transfer { internal_DNS; };
> >         recursion yes;
> >
> >         zone stmts...
> > };
> >
> > view "external_view" {
> >         # allow only a restricted view of our zones
> >         match-clients { any; };
> >         allow-transfer { external_DNS; };
> >         recursion no;
> >         zone stmts...
> > };
> >
> > Note that the order is important: bind tries each of the match-clients
> > in the order specified. On the slave server, I leave out the views and
> > just have
> >
> >         zone "xyz.com" {
> >                 type slave;
> >                 masters { foo; };
> >                 file "db.xyz.com";
> >         };
> >
> > as usual.
> >
> > Hope this helps
> > --
> > Sak Wathanasin
> > Network Analysis Ltd
> > 178 Wainbody Ave South, Coventry
> > Phone: 024 76 419996 Mobile: 079 70 751912 Fax: 024 76 690690
> 
> --
> Paul Lieberman                            lieb at sou.edu
> Systems Engineer                          541-552-6962
> Computing Services Center
> Southern Oregon University
> Ashland, OR
> 
> 
> 
> 
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com