bind9 split views, internal view leaked out???
Alan Schwartz
alansz at tala.mede.uic.edu
Mon Nov 17 16:08:54 UTC 2003
Simon Hobson <shobson0309 at colony.com> writes:
>news.callatg.com wrote:
>>I "tried" to set up split dns at my site, but it became a mess, and my ISP's
>>dns somehow got an update from me that contained my internal view!?! So I
>>disabled my secondary dns for now to figure it out - any help would be
>>appreciated - here's the details of my setup:
>>
>>INTERNET ----> ROUTER/NAT ----> 192.168.1.0 network + DNS1 + DNS2
>>
>>DNS1: 192.168.1.110
>>DNS2: 192.168.1.111
>>Router translates outside address 64.42.17.169 to 192.168.1.110, and
>>64.42.17.170 to 192.168.1.111
>>So my DNS servers to the outside world are 64.42.17.169 & .170, but the
>>machines are really the above 192 addy.
>
><snip>
>
>My guess is that DNS2 has gone to do a transfer from DNS1, but DNS1
>sees the source address of the query as 192.168.1.111 instead of
>64.42.17.170. Therefore it serves up the INTERNAL view to DNS2.
>
>At some point after that, your ISP has done a zone transfer, and
>selected the zone file from your internal view as it almost certainly
>has a higher serial number.
If so, that's a bind faq, and the solution is often to bind
extra ip addresses to the name servers to separate ips as
transfer/query/notify-sources/masters for the internal vs. the external
views.
Just ran into this myself.
- Alan
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Alan Schwartz | Disclaimer: I represent no one
<alansz at uic.edu> |
Asst. Prof. of Clinical Decision Making| Life is what happens to you while
University of Illinois at Chicago | you're busy making other plans
Department of Medical Education | - J. Lennon
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
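
An added configuration sketch of the fix described in the reply above (not part of the original post, and not the poster's actual files): each server gets a second address used only for external-view transfers and notifies, so view selection can tell the two kinds of traffic apart. The alias addresses 192.168.1.210 (DNS1) and 192.168.1.211 (DNS2), the zone name example.com, the file paths and the ISP secondary 192.0.2.53 are constructed placeholders.

```conf
// ---- DNS1 (master) named.conf; assumed alias 192.168.1.210 added to this host ----
acl "dns2-ext" { 192.168.1.211; };       // assumed alias on DNS2, external view only

view "internal" {
    // Views are tried in order. The "!" entry keeps DNS2's external-side
    // transfers out of this view although they arrive from 192.168.1.0/24.
    match-clients { !dns2-ext; 192.168.1.0/24; };
    zone "example.com" {
        type master;
        file "internal/example.com.db";
        allow-transfer { 192.168.1.111; };        // DNS2's internal-side source
    };
};

view "external" {
    match-clients { any; };
    zone "example.com" {
        type master;
        file "external/example.com.db";
        notify-source 192.168.1.210;              // lands in DNS2's external view
        also-notify { 192.168.1.111; };
        allow-transfer { dns2-ext; 192.0.2.53; }; // DNS2 external side + ISP (placeholder)
    };
};

// ---- DNS2 (slave) named.conf; assumed alias 192.168.1.211 added to this host ----
acl "dns1-ext" { 192.168.1.210; };       // DNS1's external-view notify source

view "internal" {
    match-clients { !dns1-ext; 192.168.1.0/24; };
    zone "example.com" {
        type slave;
        masters { 192.168.1.110; };
        transfer-source 192.168.1.111;            // matches DNS1's internal view
        file "internal/example.com.bak";
    };
};

view "external" {
    match-clients { any; };
    zone "example.com" {
        type slave;
        masters { 192.168.1.210; };               // notifies from .210 are accepted
        transfer-source 192.168.1.211;            // matches DNS1's external view
        file "external/example.com.bak";
    };
};
```

To check the result, request the zone from DNS1 with each source address (for example with `dig -b 192.168.1.211 ... axfr`) and confirm that only the external records come back for the alias address.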