Slave displaying all domain info when using $INCLUDE on master
Jobst Schmalenbach
jobst at barrett.com.au
Thu Sep 5 08:54:13 UTC 2013
Hi.
I have a master/slave combo, the master is ok, displays the correct info when queried, but the slave displays too much info, including the internal stuff.
The master uses two zone files (*internal and *external) that each include different files using $INCLUDE, each containing different information: 1) the external includes domain names that the world needs to know and 2) the internal includes the world stuff + internal domain names.
I am displaying the config info for one of the domains I am most concerned about (the master is 220.233.246.146, the slave is 220.233.37.60).
Currently the slave nameserver will REFUSE external queries until I fix this => allow-query { internal; };
Master /etc/named.conf:
acl "internal" { localhost; 192.168.0.0/16; 10.1.0.0/16; 220.233.246.146; };
acl "external" { any; localhost; };

view "internal" {
    match-clients { "internal"; };
    recursion yes;
    zone "barrett.com.au" {
        type master;
        file "pz/barrett.com.au.internal";
        forwarders {};
        allow-update { localhost; };
        also-notify { 220.233.37.60; };
        notify explicit;
    };
};

view "external" {
    match-clients { any; };
    recursion no;
    zone "barrett.com.au" {
        type master;
        file "pz/barrett.com.au.external";
        forwarders {};
        allow-update { localhost; };
        also-notify { 220.233.37.60; };
        notify explicit;
    };
};

MASTER pz/barrett.com.au.internal:
$TTL 7200;
@   IN SOA ns1.barrettconsulting.com.au. hostmaster.barrettconsulting.com.au. (
        2013090530 ; serial
        3h         ; refresh after 3 hours
        1h         ; retry after 1 hour
        2w         ; expire after 1 week
        1h )       ; negative caching TTL of one hour
    IN TXT "Barrett Consulting Group Name Server"
    IN SPF "v=spf a mx ptr mx:mail.barrett.com.au mx:mail2.barrett.com.au mx:mail.salesessentials.com ip4:118.127.20.99 ip4:220.233.246.146 -all"
    IN NS  ns1.barrettconsulting.com.au.
    IN NS  ns2.barrettconsulting.com.au.
    IN MX  10 mail.barrett.com.au.
    IN MX  100 mail2.barrett.com.au.
$INCLUDE pz/barrett.com.au.internal.zone_data

MASTER pz/barrett.com.au.external:
$TTL 7200;
@   IN SOA ns1.barrettconsulting.com.au. hostmaster.barrettconsulting.com.au. (
        2013090530 ; serial
        3h         ; refresh after 3 hours
        1h         ; retry after 1 hour
        2w         ; expire after 1 week
        1h )       ; negative caching TTL of one hour
    IN TXT "Barrett Consulting Group Name Server"
    IN SPF "v=spf a mx ptr mx:mail.barrett.com.au mx:mail2.barrett.com.au mx:mail.salesessentials.com ip4:118.127.20.99 ip4:220.233.246.146 -all"
    IN NS  ns1.barrettconsulting.com.au.
    IN NS  ns2.barrettconsulting.com.au.
    IN MX  10 mail.barrett.com.au.
    IN MX  100 mail2.barrett.com.au.
$INCLUDE pz/barrett.com.au.external.zone_data

This works VERY FINE for the MASTER, e.g. if I query the nameserver from an outside network and request an internal address it will display
** server can't find dev.barrett.com.au: NXDOMAIN
but on the slave BOTH zone files have the same information in them including external and internal zone data (which I do not want)
Slave /etc/named.conf:
acl "internal" { localhost; 192.168.0.0/16; 10.1.0.0/16; 220.233.37.60; };
acl "external" { any; localhost; };

view "internal" {
    match-clients { "internal"; };
    recursion yes;
    zone "barrett.com.au" {
        type slave;
        file "pz/bak.barrett.com.au.internal";
        forwarders { };
        masters { 220.233.246.146; };
        notify no;
    };
};

view "external" {
    match-clients { any; };
    recursion no;
    zone "barrett.com.au" {
        type slave;
        file "pz/bak.barrett.com.au.external";
        forwarders {};
        masters { 220.233.246.146; };
        notify no;
    };
};

Now, is it incorrect that I can have separate zone files on the slave (each containing different info)?
If this is possible, what am I doing wrong to get this to work?
thanks
Jobst
--
I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone. -- Bjarne Stroustrup, inventor of the C++ language.
| |0| | Jobst Schmalenbach, jobst at barrett.com.au, General Manager
| | |0| Barrett Consulting Group P/L & The Meditation Room P/L
|0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia
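
Added example, not part of the original post and not BIND's own code: a Python model of how the master chooses a view for an incoming request (first view whose match-clients matches the source address, in the order the views are written), using the ACL, view order and addresses posted above. It assumes both of the slave's transfer requests arrive from 220.233.37.60 and models "localhost" as loopback plus the master's own address; the function names are hypothetical.

```python
import ipaddress

MASTER_ADDR = "220.233.246.146"   # from the post
SLAVE_ADDR = "220.233.37.60"      # from the post; assumed source of the transfers

# Master ACL and view order as posted.
ACLS = {"internal": ["localhost", "192.168.0.0/16", "10.1.0.0/16", MASTER_ADDR]}
VIEWS = [
    ("internal", ["internal"], "pz/barrett.com.au.internal"),
    ("external", ["any"], "pz/barrett.com.au.external"),
]


def element_matches(client, element, local_addrs):
    """True if one address-match-list element covers the client address."""
    if element == "any":
        return True
    if element == "localhost":  # simplified: loopback or one of the server's own addresses
        return client.is_loopback or str(client) in local_addrs
    if element in ACLS:  # named acl: expand it
        return any(element_matches(client, e, local_addrs) for e in ACLS[element])
    return client in ipaddress.ip_network(element)


def select_view(source, local_addrs=(MASTER_ADDR,)):
    """Return (view, zone file) of the first view whose match-clients matches."""
    client = ipaddress.ip_address(source)
    for name, match_clients, zone_file in VIEWS:
        if any(element_matches(client, e, local_addrs) for e in match_clients):
            return name, zone_file
    return None


def slave_transfers(source=SLAVE_ADDR):
    """Each slave view requests the zone separately, but the master sees only
    the source address, so both requests are answered from the same view."""
    return {slave_view: select_view(source) for slave_view in ("internal", "external")}


if __name__ == "__main__":
    for slave_view, (master_view, zone_file) in slave_transfers().items():
        print(f"slave view {slave_view!r} <- master view {master_view!r} ({zone_file})")
    for probe in ("192.168.1.10", "203.0.113.7"):  # constructed sample clients
        print(probe, "->", select_view(probe)[0])
```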