Internal and External view on same slave server?

Jeff Lightner jlightner at water.com
Fri Mar 13 20:14:56 UTC 2009 

We recently decided to create internal and external views for some
zones.   This worked fine on the master server.

 

However, initiating zone transfer on slave from master it loaded all the
zone names I'd created but put exactly the same information into both
sets.   This information was for the internal view which is the first
one in both named.conf files. 

 

On doing some research I saw mention of needing to configure different
slaves for internal and external view.   This mentioned need for
separate IPs.

 

Since I can't just build a new slave server I instead opted to create an
alias IP using the same NIC as primary IP.  Of course the question there
is how to force the transfer request to come from the primary IP or the
alias IP dependent on which view the zone is in.  

 

Further research suggested use of the transfer-source option in the view
to specify the IP to be used to request the transfer.   I added this.
Also I already had allow-transfer for the primary IP.  I left that in
the external view zone entries in named.conf.  I then created a separate
allow-transfer in the internal view zone entries to use the alias IP. 

 

On checking logs I'm seeing REFUSED from the master in the slave's logs
but I am seeing the slave's alias IP making the request on the master.
I don't see the slave's primary IP making requests on the master.

 

Is what I'm trying to do possible?  

 

If not can someone explain why?  Given that I'm restricting the IP
allowed to transfer and the IP requesting the transfer it seems this
should be working.  At worst it seems it should only have quit working
for one view but its not working for either one.

 

If it is possible can someone let me know how they've achieved it?
 
Please consider our environment before printing this e-mail or attachments.
----------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
----------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20090313/35338ced/attachment.html>

More information about the bind-users mailing list