Chris Buxton chris.p.buxton at gmail.com
Wed Dec 21 16:39:45 UTC 2011


Zone refresh checks and zone transfer requests are not recursive queries. With match-recursive-only, the view cannot act as a master to any slave. You might want to consider a hidden master that does not have this option set.

Regards,
Chris Buxton
BlueCat Networks

On Dec 21, 2011, at 1:54 AM, Konstantin V. Krotov wrote:

> Hello, list!
> I have a split view on my name servers (master and slave); for internal and external clients I have zones with similar names but different content.
> Part of the named.conf config on the master:
> 
> view "internal" {
>    match-clients { myclients; };
>    recursion yes;
>    match-recursive-only yes;
>    allow-recursion { myclients; };
> ...
>    zone "10.168.192.in-addr.arpa" {
>        type master;
>        file "10.168.192.in-addr.arpa.db";
>        allow-transfer {transfer_acl;};
>        allow-update {none;};
>    };
> ...
> };
> 
> view "external" {
>    match-clients { "any"; };
>    recursion no;
> ...
> [here descriptions of zone]
> };
> 
> Well, when I have the "match-recursive-only yes" directive in the "internal" view, the slave name server reports: "zone 10.168.192.in-addr.arpa/IN/internal: refresh: non-authoritative answer from master xx.xx.136.2#53 (source xx.xx.140.26#0)". With match-recursive-only no, the zone transfer to the slave is all right. Where am I wrong? Thx.
> 
> -- 
> WBR, Konstantin V. Krotov
> mailto: kkv at insysnet.ru
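The view selection described in the reply above, modelled as an added example (not part of the original thread and not BIND code): views are tried in configuration order, and a view with match-recursive-only set skips any request with the RD bit clear, which is how a slave sends SOA refresh checks and transfer requests. The addresses are constructed documentation-range values, and the slave being inside the myclients ACL is an assumption.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class View:
    name: str
    match_clients: list            # CIDR strings; "any" matches every source
    match_recursive_only: bool = False

    def matches(self, src: str, rd: bool) -> bool:
        # With match-recursive-only yes, requests with RD=0 never match.
        if self.match_recursive_only and not rd:
            return False
        addr = ipaddress.ip_address(src)
        return any(c == "any" or addr in ipaddress.ip_network(c)
                   for c in self.match_clients)


def select_view(views, src, rd):
    """Views are checked in configuration order; the first match wins."""
    for view in views:
        if view.matches(src, rd):
            return view.name
    return None


# Constructed values standing in for the "myclients" ACL and the slave address.
MYCLIENTS = ["192.0.2.0/24"]
SLAVE = "192.0.2.26"       # assumed to be covered by myclients
OUTSIDER = "198.51.100.7"  # a client outside myclients


def build_views(recursive_only):
    """The two views from the posted config, internal listed first."""
    return [View("internal", MYCLIENTS, recursive_only),
            View("external", ["any"])]


if __name__ == "__main__":
    for flag in (True, False):
        views = build_views(flag)
        print(f"match-recursive-only {'yes' if flag else 'no'}:")
        print("  resolver query, RD=1   ->", select_view(views, SLAVE, True))
        print("  SOA refresh/AXFR, RD=0 ->", select_view(views, SLAVE, False))
```

With the option set, the slave's RD=0 requests land in the external view, which does not answer authoritatively for the internal zone.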