I specify subject: split view, match-recursive-only, non-authoritative answer from master
Konstantin V. Krotov
kkv at insysnet.ru
Fri Dec 23 07:08:16 UTC 2011
21.12.2011 20:40, Chris Buxton пишет:
> No, that's not correct. You can use TSIG keys to differentiate between views, without using separate interfaces.
I will try to
However, this will not solve the problem -- removing
match-recursive-only will solve the problem.
I need "match-recursive-only yes" in internal view options, i have
master zones in external view and without "match-recursive-only yes"
request from my internal clients to external zones not correctly.
>
> Regards,
> Chris Buxton
> BlueCat Networks
>
> On Dec 21, 2011, at 2:23 AM, Gelo wrote:
>
>> Hi,
>>
>> Maybe this can help you.
>>
>> First you need two network interfaces with diferent ip.
>>
>> At the internal view declaration add transfer-source 192.168.11.x; ( has to be different from your public/external)
>>
>> In the zone statement, you must specify the private IP address of your slaves, at allow-transfer clause
>>
>> I hope you worth something.
>>
>>
>> regards.
>> Gelo
>>
>> 2011/12/21 Konstantin V. Krotov<kkv at insysnet.ru>
>> 21.12.2011 13:54, Konstantin V. Krotov пишет:
>> Hello, list!
>> I have split view on my name-servers (master and slave), for internal
>> and external clients i have zone with similar names, but different content.
>> Part of config named.conf on master:
>>
>> view "internal" {
>> match-clients { myclients; };
>> recursion yes;
>> match-recursive-only yes;
>> allow-recursion { myclients; };
>> ...
>> zone "10.168.192.in-addr.arpa" {
>> type master;
>> file "10.168.192.in-addr.arpa.db";
>> allow-transfer {transfer_acl;};
>> allow-update {none;};
>> };
>> ...
>> }
>>
>> view "external" {
>> match-clients { "any"; };
>> recursion no;
>> ...
>> [here descriptions of zone]
>> }
>>
>> Well, then i have "match-recursive-only yes" directive in "internal"
>> view, slave name-server report: "zone
>> 10.168.192.in-addr.arpa/IN/internal: refresh: non-authoritative answer
>> from master xx.xx.136.2#53 (source xx.xx.140.26#0). If
>> match-recursive-only no, zone transfer to slave all right. There i have
>> wrong? Thx.
>>
>>
>> --
>> WBR, Konstantin V. Krotov
>> CJSs "Information Systems"
>> mailto: kkv at insysnet.ru
>> phone: +7 (8332) 51-35-95
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>
>
--
WBR, Konstantin V. Krotov
CJSs "Information Systems"
mailto: kkv at insysnet.ru
phone: +7 (8332) 51-35-95
More information about the bind-users
mailing list