views: getting a secondary to mirror a primary split dns with transfer-source?

Pete Ehlke pde at ehlke.net
Mon Nov 17 22:05:14 UTC 2003


On Mon, Nov 17, 2003 at 08:42:21AM -0800, Sean Boran wrote:
> Hi,
> 
> I've just migrated a Primary & Secondary to using Views on Bind 9.2.1.
> The idea is to present an internal view to Intranet hosts, and an
> external view to the Internet.
> 
> This has worked out fine on the primary, the published address spaces
> are as expected. However, on the secondary, the full (internal)
> namespace is mirrored to both internal and external view.
> 
> I searched the FAQ and this group for relevant discussions, of which
> there are a few lively ones, but no solution on exactly how to get the
> secondary to only transfer the external view from the primary for that
> namespace. (I would prefer to stay with Bind rather than change to
> another product).
> 
You must have missed this part of the FAQ ;)

Q: How can I make a server a slave for both an internal and
an external view at the same time?  When I tried, both views
on the slave were transferred from the same view on the master.

A: You will need to give the master and slave multiple IP addresses and
use those to make sure you reach the correct view on the other machine.

        e.g.
        Master: 10.0.1.1 (internal), 10.0.1.2 (external, IP alias)
            internal:
                match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
                notify-source 10.0.1.1;
                transfer-source 10.0.1.1;
                query-source address 10.0.1.1;
            external:
                match-clients { any; };
                recursion no;   // don't offer recursion to the world
                notify-source 10.0.1.2;
                transfer-source 10.0.1.2;
                query-source address 10.0.1.2;

        Slave: 10.0.1.3 (internal), 10.0.1.4 (external, IP alias)
            internal:
                match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
                notify-source 10.0.1.3;
                transfer-source 10.0.1.3;
                query-source address 10.0.1.3;
            external:
                match-clients { any; };
                recursion no;   // don't offer recursion to the world
                notify-source 10.0.1.4;
                transfer-source 10.0.1.4;
                query-source address 10.0.1.4;

        You put the external address on the alias so that all the other
        dns clients on these boxes see the internal view by default.


-Pete
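
Added example (not part of the original post or the BIND FAQ): a small Python model of which master view answers each of the slave's zone transfers, based on the transfer-source address and the match-clients lists quoted above. The first-match evaluation is a simplified model of BIND's address match lists, and MASTER_VIEWS_NO_NEGATION is a hypothetical variant that shows the leak the negated entries prevent.

```python
import ipaddress

# Views in the order named.conf defines them; BIND uses the first view whose
# match-clients list accepts the source address of the request.
# The lists mirror the FAQ's master (10.0.1/24 written out as 10.0.1.0/24).
MASTER_VIEWS = [
    ("internal", ["!10.0.1.2", "!10.0.1.4", "10.0.1.0/24"]),
    ("external", ["any"]),
]
# Hypothetical broken variant: the negated alias addresses are left out.
MASTER_VIEWS_NO_NEGATION = [
    ("internal", ["10.0.1.0/24"]),
    ("external", ["any"]),
]

def acl_accepts(acl, source):
    """First matching element decides; a negated match rejects; no match rejects."""
    addr = ipaddress.ip_address(source)
    for element in acl:
        negated = element.startswith("!")
        spec = element.lstrip("!")
        if spec == "any" or addr in ipaddress.ip_network(spec, strict=False):
            return not negated
    return False

def select_view(views, source):
    """Return the name of the first view that accepts this source address."""
    for name, acl in views:
        if acl_accepts(acl, source):
            return name
    return None  # no view matched: the request is refused

def transfer_plan(views, slave_transfer_sources):
    """Map each slave view to the master view its zone transfer is served from."""
    return {v: select_view(views, src) for v, src in slave_transfer_sources.items()}

# transfer-source values from the FAQ's slave configuration.
SLAVE_SOURCES = {"internal": "10.0.1.3", "external": "10.0.1.4"}

if __name__ == "__main__":
    print("FAQ config:      ", transfer_plan(MASTER_VIEWS, SLAVE_SOURCES))
    print("without negation:", transfer_plan(MASTER_VIEWS_NO_NEGATION, SLAVE_SOURCES))
```

With the negations removed, the slave's external view is filled from the master's internal view, which is the symptom described in the original question.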

