transfer with views

Steve Arntzen isc at arntzen.us
Sat Jan 1 13:40:01 UTC 2011 

Have you looked at the logs?

You may need to change the debug level with rndc.  You can also set it
when starting bind - named -d debug-level.

Debug level 5 - "Captures the view being used in order to answer a
request".

Have you verified the two views which are being transferred to make sure
they are correct?  If the configuration isn't correct, the same zone can
be transferred to multiple views.

If you are successfully transferring multiple views, can you post the
slave configuration?  Is the slave using the correct key in the third
view?

Steve.


On Sat, 2011-01-01 at 19:13 +0800, pyh at mail.nsbeta.info wrote:
> Two bind servers, one master, one slave.
> There are three views at each.
> The config is shown below.
> But why the first two veiws can get transfered, the third can't be transfer? 
> 
> Thanks in advance. 
> 
>  ---------------------------------
> master: 
> 
> options {
> directory "/usr/local/named/var/named";
> }; 
> 
> key "rndc-key" {
>         algorithm hmac-md5;
>         secret "WcdaZV54M3k7w6c71DDljg==";
> }; 
> 
> controls {
>         inet 127.0.0.1 port 953
>                 allow { 127.0.0.1; } keys { "rndc-key"; };
> }; 
> 
> key liantong-key {
>         algorithm hmac-md5;
>         secret "a85qJDXsRKimmutrmrFw3Q==";
> }; 
> 
> key dianxin-key {
>         algorithm hmac-md5;
>         secret "M5i0sjb6b9pA0NvTqp8+GA==";
> }; 
> 
> key any-key {
>         algorithm hmac-md5;
>         secret "fxe5wmufv275rD029312og==";
> }; 
> 
> include "/usr/local/named/var/named/liantong.acl";
> include "/usr/local/named/var/named/dianxin.acl"; 
> 
>  
> 
> view "liantong" {
>        match-clients {key liantong-key;liantong;};
>        recursion yes;
>        allow-transfer {key liantong-key;};
>        server 192.168.1.202 {keys liantong-key;};
>      zone "." IN {
>        type hint;
>        file "named.root";
>        };
>      zone "luwenju.com" IN {
>        type master;
>        file "liantong.luwenju.com.zone";
>        };
>        }; 
> 
> view "dianxin" {
>        match-clients {key dianxin-key;dianxin;};
>        recursion yes;
>        allow-transfer {key dianxin-key;};
>        server 192.168.1.202 {keys dianxin-key;};
>      zone "." IN {
>        type hint;
>        file "named.root";
>        };
>      zone "luwenju.com" IN {
>        type master;
>        file "dianxin.luwenju.com.zone";
>        };
>        }; 
> 
> view "any" {
>        match-clients {key any-key;any;};
>        recursion yes;
>        allow-transfer {key any-key;};
>        server 192.168.1.202 {keys any-key;};
>      zone "." IN {
>        type hint;
>        file "named.root";
>        };
>      zone "luwenju.com" IN {
>        type master;
>        file "any.luwenju.com.zone";
>        };
>        }; 
> 
>  --------------------------------- 
> 
> slave: 
> 
> options {
> directory "/usr/local/named/var/named";
> }; 
> 
> key "rndc-key" {
>         algorithm hmac-md5;
>         secret "WcdaZV54M3k7w6c71DDljg==";
> }; 
> 
> controls {
>         inet 127.0.0.1 port 953
>                 allow { 127.0.0.1; } keys { "rndc-key"; };
> }; 
> 
> key liantong-key {
>         algorithm hmac-md5;
>         secret "a85qJDXsRKimmutrmrFw3Q==";
> }; 
> 
> key dianxin-key {
>         algorithm hmac-md5;
>         secret "M5i0sjb6b9pA0NvTqp8+GA==";
> }; 
> 
> key any-key {
>         algorithm hmac-md5;
>         secret "fxe5wmufv275rD029312og==";
> }; 
> 
> include "/usr/local/named/var/named/liantong.acl";
> include "/usr/local/named/var/named/dianxin.acl"; 
> 
> 
> view "liantong" {
>        match-clients {key liantong-key;liantong;};
>        recursion yes;
>        allow-transfer {key liantong-key;};
>        server 192.168.1.201 {keys liantong-key;};
>      zone "." IN {
>        type hint;
>        file "named.root";
>        };
>      zone "luwenju.com" IN {
>        type slave;
>        masters {192.168.1.201;};
>        file "liantong.luwenju.com.zone";
>        };
>        }; 
> 
> view "dianxin" {
>        match-clients {key dianxin-key;dianxin;};
>        recursion yes;
>        allow-transfer {key dianxin-key;};
>        server 192.168.1.201 {keys dianxin-key;};
>      zone "." IN {
>        type hint;
>        file "named.root";
>        };
>      zone "luwenju.com" IN {
>        type slave;
>        masters {192.168.1.201;};
>        file "dianxin.luwenju.com.zone";
>        };
>        }; 
> 
> view "any" {
>        match-clients {key any-key;any;};
>        recursion yes;
>        allow-transfer {key any-key;};
>        server 192.168.1.201 {keys any-key;};
>      zone "." IN {
>        type hint;
>        file "named.root";
>        };
>      zone "luwenju.com" IN {
>        type slave;
>        masters {192.168.1.201;};
>        file "any.luwenju.com.zone";
>        };
>        };
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

More information about the bind-users mailing list