Zone transfer master -> slave using views on same subnet.

Mark Andrews Mark_Andrews at isc.org
Sat Jan 6 12:57:36 UTC 2007


> Hello,
> 
> 
> I am fighting to be able to have complete zone transfer between  
> Master and Slave with view configured, knowing that both Master and  
> Slave are on the same subnet.
> 
> Both servers are located on the 192.168.2.0 network. They are reached  
> with NAT through the IP 78.87.206.98 (Master) 78.87.206.99 (Slave).  
> Master is 192.168.2.2 and Slave 192.168.2.3

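	The server and masters clauses need to match up.  You have a
	mismatch: the key in a server clause is only used to sign
	requests sent to that address, so a transfer request sent to
	78.87.206.98 goes out unsigned.  The master then cannot match
	it on "key externe" and selects the view from the source
	address alone.

	Also, the secret for "externe" is now public in the list
	archive, so replace it with a newly generated key on both
	servers.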

       server 192.168.2.2 { keys externe; };
       masters { 78.87.206.98 ; };

> I have followed the example provided on the FAQ using TSIG zone  
> transfer between Master and Slave.
> It is working quite ok on the "interne" view but not on the "externe"  
> view.
> 
> 
> Any help would be greatly appreciated.
> 
> 
> THx in advance.
> 
> 
> ####################
> # Master
> ####################
> 
> key "externe" {
>        algorithm hmac-md5;
>        secret "cduzN45KImfVsTkuwt4DpDunf9z3BlMV0idz+y03En0=";
> };
> 
> acl interne { 192.168.2.0/24; 127.0.0.1; };
> acl reseau { 78.87.206.96/28; 127.0.0.1; 82.66.93.242;  
> 192.168.2.0/24; };
> 
> options {
>          directory       "/etc/namedb/zones";
>          pid-file        "/var/run/named/pid";
>          dump-file       "/var/dump/named_dump.db";
>          statistics-file "/var/stats/named.stats";
>          zone-statistics yes;
>          query-source address * port 53;
> 
>          allow-transfer {
>                  78.87.206.99;
>                  192.168.2.3;
>                  195.115.46.198;
>                  80.67.173.196;
>                  199.242.242.199;
>                  195.141.133.18;
>                  195.141.133.17;
>                  217.70.177.40;
>                  195.115.141.1;
>                  195.115.141.4;
>                  194.6.128.4;
>                  213.186.62.200;
>          };
> 
>          allow-recursion { reseau; };
>          version "mind your own business!";
>          blackhole {
>          };
> };
> 
> 
> // Vue interne du reseau ToDoo en 192.168.2.0
> 
> view interne {
>       match-clients { !key externe; interne; };
> //     notify no;
> 
>          zone "rma.fr" {
>                  type master;
>                  file "local/hosts.rma.fr";
>          };
> 
>          zone "tomo.biz" {
>                  type master;
>                  file "local/hosts.tomo.biz";
>          };
> 
>          zone "2.168.192.in-addr.arpa" {
>                  type master;
>                  file "local/hosts.2.168.192.in-addr.arpa";
>          };
> 
> };
> 
> 
> //--- Cache ---
> 
> view externe {
>       match-clients { key externe; any; };
>       server 192.168.2.3 { keys externe; };
>       recursion no;
> 
> 
> zone "." {
>          type hint;
>          file "named.ca";
> };
> 
> 
> //--- Reverse ---
> 
> zone "0.0.127.in-addr.arpa" {
>          type master;
>          file "named.local";
> };
> 
> 
> //--- Zone reverse de nos clients ---//
> 
> zone "73.66.91.81.in-addr.arpa" {
>          type master;
>          file "hosts.73.66.91.81.in-addr.arpa";
> };
> 
> 
> //--- Slaves for Aeroports de paris ---
> 
> 
> zone "alloco.com" {
>          type slave;
>          masters { 87.98.206.98 ; };
>          file "hosts.alloco.com";
>          allow-transfer { none; };
> };
> 
> 
> 
> 
> 
> 
> 
> ############
> Slave
> ############
> 
> 
> key "externe" {
>        algorithm hmac-md5;
>        secret "cduzN45KImfVsTkuwt4DpDunf9z3BlMV0idz+y03En0=";
> };
> 
> 
> acl interne { 192.168.2.0/24; 127.0.0.1;  };
> acl reseau { 127.0.0.1; 192.168.2.0/24; 82.66.93.242;  
> 78.87.206.97/28; };
> 
> options {
>          directory       "/zones";
>          pid-file        "/var/run/named/pid";
>          dump-file       "/var/dump/named_dump.db";
>          statistics-file "/var/stats/named.stats";
>          query-source address * port 53;
>          max-transfer-time-in 1800;
>          max-transfer-idle-in 900;
>          version "mind your own business!";
>          blackhole {
>          };
>          allow-recursion { reseau; };
> };
> 
> 
> view interne {
>       match-clients { !key externe; interne; };
> 
>          zone "rma.fr" {
>                  type slave;
>                  masters { 192.168.2.2; };
>                  file "hosts.rma.fr.interne";
>          };
> 
>          zone "tomo.biz" {
>                  type slave;
>                  masters { 192.168.2.2; };
>                  file "hosts.tomo.biz.interne";
>          };
> 
>          zone "2.168.192.in-addr.arpa" {
>                  type slave;
>                  masters { 192.168.2.2; };
>                  file "hosts.2.168.192.in-addr.arpa";
>          };
> 
> };
> 
> 
> 
> view externe {
>       match-clients { key externe; any; };
>       server 192.168.2.2 { keys externe; };
> //     recursion no;
> 
> //--- Cache ---
> 
> zone "." {
>          type hint;
>          file "named.root";
> };
> 
> //--- Reverse ---
> 
> zone "0.0.127.in-addr.arpa" {
>        type master;
>          file "localhost.rev";
> };
> 
> zone "alloco.fr" {
>          type slave;
>          masters { 78.87.206.98 ; };

	masters { 192.168.2.2; };

>          file "hosts.alloco.fr";
>          allow-transfer { none; };
> };
> 
>> };
> 
> 
> 
> 
> 
> ________________________________________________
> «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§
> ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
> Gregober ---> PGP ID --> 0x1BA3C2FD
> bsd @at@ todoo.biz
> ________________________________________________
> «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§
> ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
> 
> P "Please consider your environmental responsibility before printing  
> this e-mail"
> 
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org


