views: getting a secondary to mirror a primary split dns with transfer-source?
Kevin Darcy
kcd at daimlerchrysler.com
Mon Nov 17 23:39:34 UTC 2003
Sean Boran wrote:
>Hi,
>
>I've just migrated a Primary & Secondary to using Views on Bind 9.2.1.
>The idea is to present and internal view to Intranet hosts, and an
>external view to the Internet.
>
>This has worked out fine on the primary, the published address spaces
>are as expected. However, on the secondary, the full (internal)
>namespace is mirrored to both internal and external view.
>
>I searched the FAQ and this group for relevant discussions, of which
>there a few lively ones, but no solution on exactly how to get the
>secondary to only transfer the external view from the primary for that
>namespace. (I would prefer to stay with Bind rather than change to
>another product).
>
>I saw one suggestion to use "transfer-source" on the secondary, to use
>a different IP when transferring from the primary.
>view "internal" {
> match-clients { intranets; };
> allow-transfer { int-nameservers; };
> transfer-source A.B.C.D; // special source for Internal ZoneTx
>....
>view "external" {
> match-clients { any; };
> allow-transfer { external-nameservers; };
> transfer-source E.F.G.H;
>
>Then on the primary, I added the IP address A.B.C.D to the acl for
>allow-transfer of Internal, and E.F.G.H for external.
>
>BUT, the two tables internal and external, mirrored on the secondary,
>are infact identical and correspond to the internal namespace.
>
Well, not only do you need to plug those addresses into the relevant
allow-transfer clauses, you also need to ensure that the slaves'
transfer-source addresses correspond to the relevant *views* on the
master as well. For instance, address A.B.C.D needs to match the
master's "internal" view, and E.F.G.H needs to match the master's
"external" view.
- Kevin
More information about the bind-users
mailing list