Syncing Multiple (like, 10) Views using TSIG.. example?

[Thom Brooks]

I have looked at the man pages and reviewed the mailing list archives, but 
have not yet found a solution...

We have multiple views on a master DNS server running BIND 9.3.
One of them is 'outside' and there are about six or seven 'internal' views 
(one per VLAN/subnet).

This was necessary because some of the machines (file servers) in our 
environment have multiple IP addresses so that if a client from the 'design' 
department asks for the file server address, it can access it directly without 
having to go through the router or firewall. If a client from the 'staff' 
subnet asks for the same hostname, it'll get a different IP, etc.

I have seen the example config of 9.3 using TSIG that is supposed to let AXFRs 
happen with just one IP address for master and slave servers.

The master is configured and appears to work correctly. It answers queries 
from different internal subnets, and the main external view, correctly.

However, the slave seems to be getting the views screwed up. I'm sure that 
it's not configured properly... because 'internal only' (eg 192.168.x.x) 
addresses are showing up in the external, 'public' view, and vice versa. I 
think I'm probably not using ! (bang) to negate specific keys in 
the match-clients statement.

But rather than post specific configuration files here, could I make a request 
that would benefit a lot more people who may be trying to do the same thing 
and ask if someone could kindly extend the example seen at 
http://www.bind9.net/BIND-FAQ to perhaps include views 'internal1' and 
'internal2', and copy that example config respond to my message here?

Thanks for your time.


Thom Brooks
Adler Planetarium and Astronomy Museum
Chicago, IL