Views and two servers

Hawkins, Michael MHawkins at TULLIB.COM
Fri Mar 1 16:25:55 UTC 2002


I once asked this question and foolishly did not keep the answer. Sorry
people.

I have two bind servers. I want them to be primary and secondary for our
domains in a split DNS configuration so that using views any host on our
internal network gets answers from db.domain.internal and anyone on the
internet gets answers from db.domain.external.

I once asked this question and the answer came back that I should configure
two IPs on each machine and include one IP in the access-list for internal
and the second IP would hit the other however...

It does not matter how I configure the secondary, it will always get the same
DB from my primary because it always uses the same source IP to talk to the
primary. The result is that both the internal and external DBs always end
up the same.

How can I configure my secondary to use one IP address for internal and one
IP address for external domains when talking to the primary?

My own solution, which I am trying as I write this email, is to...

configure a totally separate subnet (outside of 172.24.1.0/24) and set the
secondary named.conf to use the master IP that is on the separate subnet
thereby making the secondary use the source IP of its own that was also on
the separate subnet. This then allows the primary to see the secondary as a
different IP so that the secondary gets replied to with the different
database.

Am I right? Is this the only way? Does it work? Does anyone understand what
I'm saying?

Thanks

Mike H



> -----Original Message-----
> From:	Mark_Andrews at isc.org [SMTP:Mark_Andrews at isc.org]
> Sent:	Friday, March 01, 2002 5:43 AM
> To:	Joaquin J. Domens
> Cc:	bind
> Subject:	Re: [BIND 8.3.1]Strange zone resolution 
> 
> 
> > Hi all,
> > 
> > I'm having a strange issue with a zone that it's authoritative for us;
> > ole.com.
> > 
> > It's registered in Interdomain for our dns's:
> > 
> > DNS1.TERRA.ES                       195.235.96.89
> > TELELINE.TELELINE.ES          194.224.53.3 (this is an old interface)
> > 
> > In our machine it's configured
> > 
> > ole.com.                1D IN NS        dns1.terra.es.
> > ole.com.                1D IN NS        dns2.terra.es.
> > dns1.terra.es.          1D IN A         195.235.96.89
> > dns2.terra.es.          1D IN A         195.235.96.90
> 
> 	Firstly make the NS records match those you have told the
> 	parent zone about.  Mismatching NS RRsets cause problems.
> 
> > 
> > 
> > The strange thing is that locally it resolves the domain Ok, but if  I
> > query outside dns's I have no response:
> > 
> > tdns1:/var/named>dig any ole.com
> > 
> > ; <<>> DiG 8.3 <<>> any ole.com
> > ;; res options: init recurs defnam dnsrch
> > ;; got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 3
> > ;; QUERY SECTION:
> > ;;      ole.com, type = ANY, class = IN
> > 
> > ;; ANSWER SECTION:
> > ole.com.                1D IN MX        10 smtp.ole.com.
> > ole.com.                1D IN NS        dns1.terra.es.
> > ole.com.                1D IN NS        dns2.terra.es.
> > ole.com.                1D IN SOA       dns1.terra.es. dnsadmin.corp.terra.es. (
> >                                         2002022800      ; serial
> >                                         1H              ; refresh
> >                                         30M             ; retry
> >                                         1W              ; expiry
> >                                         12H )           ; minimum
> > 
> > 
> > ;; AUTHORITY SECTION:
> > ole.com.                1D IN NS        dns1.terra.es.
> > ole.com.                1D IN NS        dns2.terra.es.
> > 
> > ;; ADDITIONAL SECTION:
> > smtp.ole.com.           1D IN A         195.235.113.142
> > dns1.terra.es.          1D IN A         195.235.96.89
> > dns2.terra.es.          1D IN A         195.235.96.90
> > 
> > ;; Total query time: 3 msec
> > ;; FROM: tdns1 to SERVER: default -- 195.235.113.3
> > ;; WHEN: Fri Mar  1 10:45:29 2002
> > ;; MSG SIZE  sent: 25  rcvd: 218
> > ------------------------------------------------------------------------
> > 
> > But if I query outside dns's ...........
> > 
> > tdns1:/var/named>dig any @dns.eresmas.com ole.com
> > 
> > ; <<>> DiG 8.3 <<>> any @dns.eresmas.com ole.com
> > ; (1 server found)
> > ;; res options: init recurs defnam dnsrch
> > ;; got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6
> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> > ;; QUERY SECTION:
> > ;;      ole.com, type = ANY, class = IN
> > 
> > ;; AUTHORITY SECTION:
> > com.                    2h21m19s IN SOA  A.GTLD-SERVERS.NET. nstld.verisign-grs.com. (
> >                                         2002022801      ; serial
> >                                         30M             ; refresh
> >                                         15M             ; retry
> >                                         1W              ; expiry
> >                                         1D )            ; minimum
> > 
> > 
> > ;; Total query time: 17 msec
> > ;; FROM: tdns1 to SERVER: dns.eresmas.com  62.81.160.250
> > ;; WHEN: Fri Mar  1 10:50:43 2002
> > ;; MSG SIZE  sent: 25  rcvd: 98
> > ------------------------------------------------------------------------
> > 
> > Any idea on this subject???¿?¿?
> 
> 	Talk to Network Solutions.  OLE.COM does not appear in the COM
> 	zone and they are who you have your contract with.
> 
> 	Mark
> > 
> >             Cheers
> > 
> > --
> > --------------------------------------------------
> > Joaquin J. Domens
> > Área de Tecnología
> > Departamento de Producción / Aplicaciones
> > --------------------------------------------------
> > Terra Networks España S.A.
> > --------------------------------------------------
> > Mercado Continuo: TRR |  Nasdaq: TRLY
> > --------------------------------------------------
> > http://www.terra.es
> > --------------------------------------------------
> > 
> > 
> > 
> > 
> --
> Mark Andrews, Internet Software Consortium
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
> 
> 
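
For the split-DNS question at the top of this message, one way to make each view on the secondary transfer from the matching view on the primary, sketched as a BIND 9 named.conf pair. This is an added example, not configuration from the thread: the zone name example.com, the four 172.24.1.x host addresses and the bak.* file names are assumptions, and each server is assumed to carry a second address on the same subnet.

```conf
// ---- primary: 172.24.1.10, plus alias 172.24.1.13 (assumed addresses) ----
acl "sec-ext" { 172.24.1.12; };   // secondary's alias, used only for external transfers

view "internal" {
    // Negated entry first: requests sourced from the secondary's external
    // alias must NOT match here, so they fall through to "external".
    match-clients { !"sec-ext"; 172.24.1.0/24; };
    zone "example.com" {
        type master;
        file "db.domain.internal";
        allow-transfer { 172.24.1.11; };   // only the secondary's internal address
    };
};

view "external" {
    match-clients { any; };
    zone "example.com" {
        type master;
        file "db.domain.external";
        allow-transfer { 172.24.1.12; };   // only the secondary's external alias
        notify-source 172.24.1.13;         // NOTIFY for this view leaves from the alias
        also-notify { 172.24.1.12; };
    };
};

// ---- secondary: 172.24.1.11, plus alias 172.24.1.12 (assumed addresses) ----
acl "pri-ext" { 172.24.1.13; };   // primary's alias, seen only on external NOTIFYs

view "internal" {
    match-clients { !"pri-ext"; 172.24.1.0/24; };
    zone "example.com" {
        type slave;
        masters { 172.24.1.10; };
        transfer-source 172.24.1.11;       // primary sees .11 -> serves "internal"
        file "bak.domain.internal";
    };
};

view "external" {
    match-clients { any; };
    zone "example.com" {
        type slave;
        masters { 172.24.1.13; };
        transfer-source 172.24.1.12;       // primary sees .12 -> serves "external"
        file "bak.domain.external";
    };
};
```

View selection on the primary is decided by the source address of the request, so the per-view `transfer-source` together with the negated ACL entry is what keeps the two copies of the zone distinct; the `allow-transfer` lists also stop any other internal host from pulling either zone.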