Syncing Multiple (like, 10) Views using TSIG.. example?

Kevin Darcy kcd at daimlerchrysler.com
Sat Feb 17 01:44:19 UTC 2007


Thom Brooks wrote:
> I have looked at the man pages and reviewed the mailing list archives, but 
> have not yet found a solution...
>
> We have multiple views on a master DNS server running BIND 9.3.
> One of them is 'outside' and there are about six or seven 'internal' views 
> (one per VLAN/subnet).
>
> This was necessary because some of the machines (file servers) in our 
> environment have multiple IP addresses so that if a client from the 'design' 
> department asks for the file server address, it can access it directly without 
> having to go through the router or firewall. If a client from the 'staff' 
> subnet asks for the same hostname, it'll get a different IP, etc.
>
> I have seen the example config of 9.3 using TSIG that is supposed to let AXFRs 
> happen with just one IP address for master and slave servers.
>
> The master is configured and appears to work correctly. It answers queries 
> from different internal subnets, and the main external view, correctly.
>
> However, the slave seems to be getting the views screwed up. I'm sure that 
> it's not configured properly... because 'internal only' (e.g. 192.168.x.x) 
> addresses are showing up in the external, 'public' view, and vice versa. I 
> think I'm probably not using ! (bang) to negate specific keys in 
> the match-clients statement.
>
> But rather than post specific configuration files here, could I make a request 
> that would benefit a lot more people who may be trying to do the same thing 
> and ask if someone could kindly extend the example seen at 
> http://www.bind9.net/BIND-FAQ to perhaps include views 'internal1' and 
> 'internal2', and copy that example config in response to my message here?
>
> Thanks for your time.
>   
Views are ugly, we use sortlist for this kind of thing where possible.

- Kevin
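
The layout asked about in the quoted question, sketched as an added example: the two-view TSIG pattern extended to 'internal1', 'internal2' and an external view, with one key per view and every other view's key negated in match-clients. It is not part of either poster's message or of the BIND FAQ; the addresses, subnets, key names, zone name and file paths are assumed placeholders.

```conf
# Constructed example. Master = 10.0.1.1, slave = 10.0.1.2 (placeholders).
# The three key statements are identical on both servers, one key per view.
# hmac-md5 is what BIND 9.3 offers; use hmac-sha256 on releases that support it.
key "internal1" { algorithm hmac-md5; secret "<base64-secret-1>"; };
key "internal2" { algorithm hmac-md5; secret "<base64-secret-2>"; };
key "external"  { algorithm hmac-md5; secret "<base64-secret-3>"; };

# ---- named.conf on the master (10.0.1.1) ----
view "internal1" {
    # Negated keys come first: a request signed with another view's key must
    # fall through, even if its source address is inside this view's subnet.
    match-clients { !key internal2; !key external; key internal1; 192.168.1.0/24; };
    server 10.0.1.2 { keys { internal1; }; };   # sign NOTIFYs sent to the slave
    zone "example.com" { type master; file "internal1/example.com.db"; allow-transfer { key internal1; }; };
};
view "internal2" {
    match-clients { !key internal1; !key external; key internal2; 192.168.2.0/24; };
    server 10.0.1.2 { keys { internal2; }; };
    zone "example.com" { type master; file "internal2/example.com.db"; allow-transfer { key internal2; }; };
};
view "external" {
    match-clients { !key internal1; !key internal2; key external; any; };
    server 10.0.1.2 { keys { external; }; };
    recursion no;
    zone "example.com" { type master; file "external/example.com.db"; allow-transfer { key external; }; };
};

# ---- named.conf on the slave (10.0.1.2) ----
# Same match-clients lines. The per-view server statement makes the slave sign
# its SOA queries and AXFR requests with that view's key, so the master answers
# from the matching view. Each view needs its own zone file name.
view "internal1" {
    match-clients { !key internal2; !key external; key internal1; 192.168.1.0/24; };
    server 10.0.1.1 { keys { internal1; }; };
    zone "example.com" { type slave; masters { 10.0.1.1; }; file "slave/internal1-example.com.db"; };
};
view "internal2" {
    match-clients { !key internal1; !key external; key internal2; 192.168.2.0/24; };
    server 10.0.1.1 { keys { internal2; }; };
    zone "example.com" { type slave; masters { 10.0.1.1; }; file "slave/internal2-example.com.db"; };
};
view "external" {
    match-clients { !key internal1; !key internal2; key external; any; };
    server 10.0.1.1 { keys { external; }; };
    recursion no;
    zone "example.com" { type slave; masters { 10.0.1.1; }; file "slave/external-example.com.db"; };
};
```

To check that internal records are not leaking, request the zone from the slave once per key (for example with dig's -y option and an axfr query) and confirm each transfer returns only that view's data.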



