Internal and External view on same slave server?

Dixon, Justin Justin.Dixon at BBandT.com
Fri Mar 13 20:25:13 UTC 2009


> From: bind-users-bounces at lists.isc.org [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Jeff Lightner
> Sent: Friday, March 13, 2009 16:15
> To: bind-users at lists.isc.org
> Subject: Internal and External view on same slave server?
>
> We recently decided to create internal and external views for
> some zones. This worked fine on the master server.
>
> However, initiating zone transfer on slave from master it loaded
> all the zone names I'd created but put exactly the same information into
> both sets. This information was for the internal view which is the
> first one in both named.conf files.
>
> On doing some research I saw mention of needing to configure
> different slaves for internal and external view. This mentioned need
> for separate IPs.
>
> Since I can't just build a new slave server I instead opted to
> create an alias IP using the same NIC as primary IP. Of course the
> question there is how to force the transfer request to come from the
> primary IP or the alias IP dependent on which view the zone is in.
>
> Further research suggested use of the transfer-source option in
> the view to specify the IP to be used to request the transfer. I added
> this. Also I already had allow-transfer for the primary IP. I left
> that in the external view zone entries in named.conf. I then created a
> separate allow-transfer in the internal view zone entries to use the
> alias IP.
>
> On checking logs I'm seeing REFUSED from the master in the
> slave's logs but I am seeing the slave's alias IP making the request on
> the master. I don't see the slave's primary IP making requests on the
> master.
>
> Is what I'm trying to do possible?
>
> If not can someone explain why? Given that I'm restricting the
> IP allowed to transfer and the IP requesting the transfer it seems this
> should be working. At worst it seems it should only have quit working
> for one view but it's not working for either one.
>
> If it is possible can someone let me know how they've achieved
> it?

Use TSIG to select the correct view... An example is at the URL below, from the BIND
FAQ on www.isc.org.

https://www.isc.org/node/282

 

Justin Dixon
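
A sketch of the TSIG approach suggested in the reply, added here as an illustration; it is not part of the original message and is not the FAQ's own text. The key names, zone name, file paths, addresses (master 10.0.1.1, slave 10.0.1.2) and secrets are constructed placeholders, and the two servers' named.conf contents are shown in one block for comparison.

```conf
// Both servers: one TSIG key per view. Secrets are placeholders; generate
// real ones (for example with tsig-keygen) and keep this file unreadable to others.
key "xfer-internal" { algorithm hmac-sha256; secret "PLACEHOLDER-INTERNAL-BASE64"; };
key "xfer-external" { algorithm hmac-sha256; secret "PLACEHOLDER-EXTERNAL-BASE64"; };

// ---- master (10.0.1.1) ----
view "internal" {
    // The slave's address is inside 10.0.0.0/8, so an address match alone would
    // put every transfer request in this view. The negated key makes a request
    // signed with the external key fall through to the next view.
    match-clients { !key "xfer-external"; key "xfer-internal"; 10.0.0.0/8; };
    // Sign NOTIFYs sent to the slave so they land in its internal view.
    server 10.0.1.2 { keys { "xfer-internal"; }; };
    zone "example.com" {
        type master;
        file "internal/example.com.db";
        allow-transfer { key "xfer-internal"; };   // key-based, not IP-based
    };
};
view "external" {
    match-clients { key "xfer-external"; any; };
    server 10.0.1.2 { keys { "xfer-external"; }; };
    zone "example.com" {
        type master;
        file "external/example.com.db";
        allow-transfer { key "xfer-external"; };
    };
};

// ---- slave (10.0.1.2) ----
view "internal" {
    match-clients { !key "xfer-external"; key "xfer-internal"; 10.0.0.0/8; };
    // SOA checks and transfer requests sent to the master from this view
    // are signed with the internal key, which selects the master's internal view.
    server 10.0.1.1 { keys { "xfer-internal"; }; };
    zone "example.com" {
        type slave;
        masters { 10.0.1.1; };
        file "slave/internal/example.com.db";      // separate file per view
    };
};
view "external" {
    match-clients { key "xfer-external"; any; };
    server 10.0.1.1 { keys { "xfer-external"; }; };
    zone "example.com" {
        type slave;
        masters { 10.0.1.1; };
        file "slave/external/example.com.db";
    };
};
```

With the view chosen by key, neither the alias IP nor transfer-source is needed, and allow-transfer no longer depends on a source address.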

 
