Transferring of zones that use view.
Alan Clegg
Alan_Clegg at isc.org
Fri Mar 7 12:29:26 UTC 2008
Nils Olofsson wrote:
> Hi,
> ------------
> Quote from FAQ:
>
> Q:How can I make a server a slave for both an internal and an external
> view at the same time? When I tried, both views on the slave were
> transferred from the same view on the master.
>
> A: You will need to give the master and slave multiple IP addresses and
> use those to make sure you reach the correct view on the other machine.
> ---------------
>
> This might have come up multiply times already...this seems like a
> insane way to transfer "views" in Bind. Is there a patch floating around
> that allows views to be correctly transferred without the need to have a
> lots of spare IP address (ipv4) or the use of the transfer-source
> option ?
It's not a patch, it's BIND 9.3 or later. Reading the rest of the FAQ
that you quoted provides me with this:
Use TSIG to select the appropriate view.
Master 10.0.1.1:
key "external" {
algorithm hmac-md5;
secret "xxxxxxxx";
};
view "internal" {
match-clients { !key external; 10.0.1/24; };
...
};
view "external" {
match-clients { key external; any; };
server 10.0.1.2 { keys external; };
recursion no;
...
};
Slave 10.0.1.2:
key "external" {
algorithm hmac-md5;
secret "xxxxxxxx";
};
view "internal" {
match-clients { !key external; 10.0.1/24; };
...
};
view "external" {
match-clients { key external; any; };
server 10.0.1.1 { keys external; };
recursion no;
...
};
--
Alan Clegg
ISC Training and Support
+1-650-423-1357 (o) +1-919-271-8851 (m)
More information about the bind-users
mailing list