Problems with Bind 9 Views (internal,external)
Stefan Sabolowitsch
Stefan.Sabolowitsch at feltengmbh.de
Wed Aug 24 14:06:13 UTC 2005
Hi List,
Need your assistance.
I have two servers here running BIND 9.2.4.
One is the master and the other is the slave.
I have problems with the zone updates between the two (master and slave)
when views are used.
If I run
rndc reload XXXXX.com IN external
the slave fetches the data from the master's "internal" zone and writes it
into the slave's "external" zone files.
Thus the "internal" zone files of the master have the same contents as the
"external" zone files of the slave.
Why? That is fatal.
Here is the named.conf from the slave:
// internal hosts
// Address-match list of the private 192.168.x.0/24 subnets plus loopback.
// Referenced further down by allow-query and allow-recursion in options,
// by match-clients in the "internal" view, and by that view's per-zone
// allow-query / allow-transfer.
acl internals {
192.168.1.0/24;
192.168.0.0/24;
192.168.100.0/24;
192.168.5.0/24;
192.168.6.0/24;
// NOTE(review): this prefix covers only 127.0.0.0-127.0.0.255; the whole
// loopback range is 127.0.0.0/8.
127.0.0.0/24;
};
// external hosts
// Meant as "every address that is not internal"; in this file it is used
// only in the global allow-query list in options.
// NOTE(review): the list contains nothing but a negated element, so it has
// no element that can positively match an address. External clients are
// therefore probably not admitted through this ACL at all, and only reach
// the zones whose own allow-query says "any" - confirm against the ARM for
// the BIND version in use. The usual way to write "everyone except
// internals" is { !internals; any; }.
acl externals {
!internals;
};
// The three upstream resolver addresses.
// NOTE(review): nothing in the configuration shown references this ACL;
// the forwarders statement in options repeats the same three addresses
// literally (forwarders takes addresses, not ACL names).
acl forwarder {
194.25.0.68;
194.25.0.52;
194.25.0.60;
};
// Provider-side hosts. Used in the global allow-query list and as the
// allow-transfer list of the reverse zone in the "external" view.
// NOTE(review): an address-only ACL authenticates a transfer peer by
// source IP alone; a TSIG key per peer is the stronger control where the
// peers support it.
acl telekom {
194.25.0.125;
194.25.0.121;
194.25.1.113;
194.25.15.217;
// Short prefix form: trailing zero octets omitted, i.e. 194.246.96.0/24.
194.246.96/24;
129.70.132.100;
195.244.245.27;
194.25.0.122;
195.244.245.25;
195.244.245.24;
194.25.0.44;
194.25.0.45;
194.25.0.46;
62.156.152.59;
62.156.153.47;
};
// Server-wide defaults. A view or zone that sets the same option replaces
// the value given here, so these are only the fallback.
options {
directory "/etc/namedb";
pid-file "/var/run/named/named.pid";
// Default-deny for zone transfers. Every slave zone below sets its own
// allow-transfer, so this default does not protect any of them.
allow-transfer { none; }; // sample allow-transfer
// NOTE(review): the bare word "access" on the line after allow-query is the
// tail of the "restrict query" comment, wrapped by the mail client; it is
// not part of the configuration.
allow-query { internals; externals; telekom; }; // restrict query
access
allow-recursion { internals; }; // restrict recursion
// No NOTIFY by default; the "external" view turns it back on per zone.
notify no;
// Never resolve iteratively: every recursive lookup goes to the
// forwarders listed below.
forward only;
forwarders {
194.25.0.52;
194.25.0.60;
194.25.0.68;
};
};
// Routes every category listed below to a single channel, named_info,
// which writes to syslog facility "daemon" at severity info and above.
logging {
channel named_info {
// log to syslog instead of a file
syslog daemon;
severity info;
// include the category of the event in the log
print-category yes;
// include the severity of the event in the log
print-severity yes;
// include the time of the event in the log
// (left disabled here; syslog normally stamps each line itself)
// print-time yes;
};
// Processing of client requests
category client { named_info; };
// named.conf parsing and processing
category config { named_info; };
// Messages relating to internal memory structures
category database { named_info; };
// This is the default for any category not specifically defined
category default { named_info; };
// The catch-all. Anything without a category of its own
category general { named_info; };
// Uncomment if you dont want to know about lame server.
// Leave commented and it defaults to the
// value of default above
// category lame-servers { null; };
// The NOTIFY protocol
category notify { named_info; };
// Network operations
category network { named_info; };
// DNS resolution like recursive lookups, etc..
category resolver { named_info; };
// Approval and denial of requests
// (denied queries and refused transfers are reported in this category)
category security { named_info; };
// Dynamic updates
category update { named_info; };
// Queries. Duh.
// NOTE(review): this logs one line per query into the same channel as the
// security messages; on a busy server that can bury them.
category queries { named_info; };
// Zone transfers received
// (shows which master address each slave zone was actually loaded from)
category xfer-in { named_info; };
// Zone transfers sent
// (the record of who pulled a zone from this server)
category xfer-out { named_info; };
};
// View served to internal clients. Views are tried in the order they
// appear, and a client is answered from the first view whose match-clients
// it satisfies, so this view must stay ahead of "external".
view "internal" {
// Internal network
match-clients {
internals;
// Already covered by the internals ACL above; redundant here.
127.0.0.0/24;
};
recursion yes;
// Provide a reverse mapping for the loopback address 127.0.0.1
zone "0.0.127.in-addr.arpa" IN {
type master;
file "db.127.0.0";
notify no;
};
// Root server hints
zone "." IN {
type hint;
file "db.cache";
};
// NOTE(review): every slave zone in this view pulls from 192.168.100.20
// with no TSIG key and no transfer-source, exactly as the zones in the
// "external" view do. If the master also uses views, it presumably chooses
// the view for a transfer request from the requester's source address (or
// key), so it cannot tell this view's requests from the other view's.
// That would explain the reported symptom. A separate TSIG key per view,
// or a distinct transfer-source address per view, lets the master
// distinguish them - verify against the master's named.conf, which is not
// shown.
// We are the slave server for XXXXX.de
zone "XXXXX.de" IN {
type slave;
masters {192.168.100.20; };
file "db.XXXXX-de.internal";
// Query and onward transfer are both limited to the internals ACL.
allow-query { internals; };
allow-transfer { internals; };
};
// We are the slave server for XXXXX.com
zone "XXXXX.com" IN {
type slave;
masters {192.168.100.20; };
file "db.XXXXX-com.internal";
allow-query { internals; };
allow-transfer { internals; };
};
// Provide a reverse mapping for 192.168.0.0-255
zone "0.168.192.in-addr.arpa" IN {
type slave;
masters {192.168.100.20; };
file "db.192.168.0.rev";
allow-query { internals; };
allow-transfer { internals; };
};
// Provide a reverse mapping for 192.168.1.0-255
zone "1.168.192.in-addr.arpa" IN {
type slave;
masters {192.168.100.20; };
file "db.192.168.1.rev";
allow-query { internals; };
allow-transfer { internals; };
};
// Provide a reverse mapping for 192.168.100.0-255
zone "100.168.192.in-addr.arpa" IN {
type slave;
masters {192.168.100.20; };
file "db.192.168.100.rev";
allow-query { internals; };
allow-transfer { internals; };
};
};
// View for everyone who did not match "internal" above. Authoritative
// only: recursion is refused.
view "external" {
// External network
match-clients { any; };
recursion no; // refuse recursive service to external clients
// Provide a reverse mapping for the loopback address 127.0.0.1
zone "0.0.127.in-addr.arpa" IN {
type master;
file "db.127.0.0";
notify no;
};
// Root server hints
zone "." IN {
type hint;
file "db.cache";
};
// NOTE(review): the master and transfer settings here are identical to the
// "internal" view's (same address, no key, no transfer-source), so the
// master has nothing to tell the two views' transfer requests apart; only
// the local file name differs. See what the xfer-in log lines report for
// these zones and check the master's view selection.
// We are the slave server for XXXXX.de
zone "XXXXX.de" IN {
type slave;
masters {192.168.100.20; };
file "db.XXXXX-de.external";
// Overrides the global "notify no".
notify yes;
allow-query {
any;
};
// NOTE(review): "any" replaces the global allow-transfer { none; } and lets
// every host on the Internet copy the complete zone. While the reported
// problem persists, that zone file holds the internal data. Restrict this
// to the known secondaries (an ACL such as telekom, as the reverse zone
// below does) or to TSIG keys.
allow-transfer {
any;
};
};
// We are the slave server for XXXXX.com
zone "XXXXX.com" IN {
type slave;
masters {192.168.100.20; };
file "db.XXXXX-com.external";
notify yes;
allow-query {
any;
};
// NOTE(review): same exposure as XXXXX.de above - open zone transfer to
// any host; restrict to known secondaries or TSIG keys.
allow-transfer {
any;
};
};
// Provide a reverse mapping for 217.6.XX.0/25
zone "0.XX.6.217.in-addr.arpa" IN {
type slave;
masters {192.168.100.20; };
file "db.217.6.XX.rev";
allow-query {
any;
};
// Transfers limited to the provider hosts in the telekom ACL; this is the
// only zone in the view that does not allow transfer to "any".
allow-transfer {
telekom;
};
notify yes;
};
};