Problems with Bind 9 Views (internal,external)
Jens Grigel
jens.grigel at sskm.de
Wed Aug 24 15:06:04 UTC 2005
On Wed, 2005-08-24 at 16:06, Stefan Sabolowitsch wrote:
> Hi List,
>
> Need your assistance.
> I have here two servers with bind 9.2.4.
> One is the master and the other Slave.
>
> I have problems with zone transfers between the two servers (master -> slave)
> as soon as views are involved.
>
> If I run
>
> rndc reload XXXXX.com IN external
>
> the Slave fetches the data of the master's "internal" zone and writes
> it into the Slave's "external" zone files.
> As a result the master's "internal" zone files and the Slave's "external"
> zone files end up with the same contents.
>
> Why? That is fatal.
>
Hi,
the cause is almost certainly view selection on the master: with unsigned
transfers the master can only pick a view by the source address of the
request, and both views on your slave fetch from 192.168.100.20 with the
same (internal) source address, so the master presumably answers both
from its "internal" view.
The problem (and the solution) of a slave NS for an internal and
external view of a master NS is in the bind faq's
check here:
http://www.isc.org/index.pl?/sw/bind/
and search for the section:
"How can I make a server a slave for both an internal and an external
view at the same time? When I tried, both views on the slave were
transferred from the same view on the master"
In short: define a separate TSIG key per view, reference it from a
"server 192.168.100.20 { keys { ...; }; };" statement inside each view on
the slave, and have the master's match-clients select the view by key
(the key test has to come before the address list, e.g. "!key external-key;"
at the start of the internal view's match-clients, because the slave's
address is internal).  Until that is in place, be aware that your external
view has "allow-transfer { any; };" on XXXXX.de and XXXXX.com while their
files hold the internal data, so the internal zone contents are currently
readable by anyone on the Internet who asks for an AXFR.
--
Jens
> Here the named.conf from slave:
>
> // internal hosts
> acl internals {
> // Used by allow-query/allow-recursion in options and by match-clients
> // of view "internal".  192.168.100.0/24 also contains the master
> // (192.168.100.20); if the master uses a similar list, this slave's
> // transfer requests are classified "internal" there — presumably the
> // root of the problem described above.
> 192.168.1.0/24;
> 192.168.0.0/24;
> 192.168.100.0/24;
> 192.168.5.0/24;
> 192.168.6.0/24;
> // NOTE(review): /24 covers only part of the loopback range; 127.0.0.0/8
> // (or the built-in "localhost") is the usual spelling.
> 127.0.0.0/24;
> };
>
> // external hosts
> acl externals {
> // NOTE(review): in BIND 9 an address-match list consisting only of
> // negated elements matches nothing ("if there is no match, access is
> // denied"), so this acl never grants anything.  If it is meant to be
> // "everyone not internal" it needs a trailing positive element:
> //   acl externals { !internals; any; };
> !internals;
> };
>
> // Upstream resolvers.  Not referenced anywhere in the config shown
> // here; the same addresses are repeated literally in options/forwarders.
> acl forwarder {
> 194.25.0.68;
> 194.25.0.52;
> 194.25.0.60;
> };
> // Provider addresses: allowed to query (options/allow-query) and to
> // transfer the 217.6.XX reverse zone in the external view.
> acl telekom {
> 194.25.0.125;
> 194.25.0.121;
> 194.25.1.113;
> 194.25.15.217;
> 194.246.96/24;
> 129.70.132.100;
> 195.244.245.27;
> 194.25.0.122;
> 195.244.245.25;
> 195.244.245.24;
> 194.25.0.44;
> 194.25.0.45;
> 194.25.0.46;
> 62.156.152.59;
> 62.156.153.47;
> };
>
> options {
> directory "/etc/namedb";
> pid-file "/var/run/named/named.pid";
>
>
> // Global default: no zone transfers.  Every zone below overrides this
> // (the external view opens it up to "any" — see the note there).
> allow-transfer { none; };
> // NOTE(review): "externals" as defined above contains only a negated
> // element and matches nothing, so this list is effectively
> // { internals; telekom; }.
> allow-query { internals; externals; telekom; }; // restrict query access
> allow-recursion { internals; }; // restrict recursion
> // Global default; the external view's zones set "notify yes" themselves.
> notify no;
> // Applies to every view that does not override it.  Only the internal
> // view recurses (the external view has "recursion no"), so in practice
> // these forwarders serve internal clients only.
> forward only;
> forwarders {
> 194.25.0.52;
> 194.25.0.60;
> 194.25.0.68;
> };
> };
>
>
> logging {
> channel named_info {
> // log to syslog (facility daemon) instead of a file
> syslog daemon;
> severity info;
> // include the category of the event in the log
> print-category yes;
> // include the severity of the event in the log
> print-severity yes;
> // named's own timestamp is left off; syslog stamps each line itself
> // print-time yes;
> };
>
> // Processing of client requests
> category client { named_info; };
>
> // named.conf parsing and processing
> category config { named_info; };
>
> // Messages relating to internal memory structures
> category database { named_info; };
>
> // This is the default for any category not specifically defined
>
> category default { named_info; };
>
> // The catch-all. Anything without a category of its own
> category general { named_info; };
>
> // Uncomment if you don't want to know about lame servers.
> // Leave commented and it defaults to the
> // value of default above
> // category lame-servers { null; };
>
> // The NOTIFY protocol
> category notify { named_info; };
>
> // Network operations
> category network { named_info; };
>
> // DNS resolution like recursive lookups, etc..
> category resolver { named_info; };
>
> // Approval and denial of requests (ACL hits/refusals) — worth keeping
> category security { named_info; };
>
> // Dynamic updates
> category update { named_info; };
>
> // Queries.  NOTE(review): defining this category turns query logging
> // on, i.e. one syslog line per query received.  On a server that also
> // faces the Internet that is a lot of log volume; consider
> // "category queries { null; };" unless the query log is really wanted.
> category queries { named_info; };
>
> // Zone transfers received
> category xfer-in { named_info; };
>
> // Zone transfers sent
> category xfer-out { named_info; };
> };
>
>
> view "internal" {
> // Internal network.  Views are matched in order, so every client in
> // "internals" lands here and never reaches view "external" below.
> match-clients {
> internals;
> 127.0.0.0/24; // already contained in acl internals; harmless duplicate
> };
>
> recursion yes;
>
> // Provide a reverse mapping for the loopback address 127.0.0.1
> zone "0.0.127.in-addr.arpa" IN {
> type master;
> file "db.127.0.0";
> notify no;
> };
>
> // Root server hints
> zone "." IN {
> type hint;
> file "db.cache";
> };
>
> // We are the slave server for XXXXX.de
> // NOTE(review): the transfer is unsigned (no "server ... { keys ... }"
> // statement in this view), so the master can only choose which of its
> // views to serve from by this host's source address — and the external
> // view below transfers from the same address.  A per-view TSIG key is
> // what lets the master tell the two apart.
> zone "XXXXX.de" IN {
> type slave;
> masters {192.168.100.20; };
> file "db.XXXXX-de.internal";
>
> allow-query { internals; };
> allow-transfer { internals; };
> };
>
> // We are the slave server for XXXXX.com (same unsigned transfer as above)
> zone "XXXXX.com" IN {
> type slave;
> masters {192.168.100.20; };
> file "db.XXXXX-com.internal";
>
> allow-query { internals; };
> allow-transfer { internals; };
> };
>
>
> // Provide a reverse mapping for 192.168.0.0-255
> zone "0.168.192.in-addr.arpa" IN {
> type slave;
> masters {192.168.100.20; };
> file "db.192.168.0.rev";
>
> allow-query { internals; };
> allow-transfer { internals; };
> };
>
>
> // Provide a reverse mapping for 192.168.1.0-255
> zone "1.168.192.in-addr.arpa" IN {
> type slave;
> masters {192.168.100.20; };
> file "db.192.168.1.rev";
>
> allow-query { internals; };
> allow-transfer { internals; };
> };
>
> // Provide a reverse mapping for 192.168.100.0-255
> zone "100.168.192.in-addr.arpa" IN {
> type slave;
> masters {192.168.100.20; };
> file "db.192.168.100.rev";
>
> allow-query { internals; };
> allow-transfer { internals; };
> };
>
>
> };
>
> view "external" {
> // External network.  "any" here effectively means "everyone not
> // already caught by view internal above", because views match in order.
> match-clients { any; };
>
> recursion no; // refuse recursive service to external clients
>
> // Provide a reverse mapping for the loopback address 127.0.0.1
> // (same file as in the internal view; both are type master)
> zone "0.0.127.in-addr.arpa" IN {
> type master;
> file "db.127.0.0";
> notify no;
> };
>
> // Root server hints
> zone "." IN {
> type hint;
> file "db.cache";
> };
>
> // We are the slave server for XXXXX.de
> // Transfers from the same master and source address as the internal
> // view, without a key — so the master cannot tell this request apart
> // from the internal one.
> zone "XXXXX.de" IN {
> type slave;
> masters {192.168.100.20; };
> file "db.XXXXX-de.external";
>
> notify yes; // overrides the global "notify no"
> allow-query {
> any;
> };
> // NOTE(review): any host on the Internet may AXFR this zone.  While the
> // transfer problem described above persists, this file holds the
> // master's *internal* data, so that data is world-readable from here.
> // Prefer listing the secondaries that need it (as the reverse zone
> // below does with "telekom").
> allow-transfer {
> any;
> };
> };
>
>
> // We are the slave server for XXXXX.com
> zone "XXXXX.com" IN {
> type slave;
> masters {192.168.100.20; };
> file "db.XXXXX-com.external";
>
> notify yes;
> allow-query {
> any;
> };
> // NOTE(review): same exposure as for XXXXX.de — open AXFR of a file
> // that currently contains the internal zone data.
> allow-transfer {
> any;
> };
> };
>
>
>
> // Provide a reverse mapping for 217.6.XX.0/25
> zone "0.XX.6.217.in-addr.arpa" IN {
> type slave;
> masters {192.168.100.20; };
> file "db.217.6.XX.rev";
>
> allow-query {
> any;
> };
> // Transfers restricted to the provider's secondaries — the pattern the
> // two forward zones above should follow as well.
> allow-transfer {
> telekom;
> };
> notify yes;
> };
> };
>
>
>
>
>