Need assistance with configuring external zone on a 2nd CentOS 7 bind v9.4.4 dns slave

Barry Margolin barmar at alum.mit.edu
Wed Apr 8 16:26:13 UTC 2015


In article <mailman.1916.1428507901.26362.bind-users at lists.isc.org>,
 William Clarke <wclarke at simons-rock.edu> wrote:

> Barry,
> 
> Thank you. I appreciate your response Barry. I'm fairly new to Bind and 
> DNS and have gotten a bit lost. Is there any way you can provide a 
> little more information for me? Am I not correct in saying that I'm 
> already using TSIG keys in the include lines?

You need to use the TSIG key in the "match-clients" clause so it will be 
used to select the appropriate view.

view "internal" {
   match-clients { !key slave-external; !192.168.1.4; 10.0.0.0/8; 192.168.0.0/16; 127.0.0.0/8; };
   allow-transfer { key slave-internal; };
   ...
}
view "external" {
   match-clients { any; };
   allow-transfer { key slave-external; };
   ...
}

> ------------------------------------------------------------
> view "external" {
>          match-clients { any; };
>          allow-transfer { key slave-external; };
> ....
> ...
> ..
> include "/etc/rndc.key";
> include "/etc/transfer-internal.key";
> include "/etc/transfer-external.key";
> ------------------------------------------------------------
> 
> /var/named/chroot/etc/transfer-external.key
> key "slave-external" {
>          algorithm       hmac-md5;
>          secret          "blahblahblahblahblah";
> };
> 
> Thanks,
> 
> William Clarke
> ITS System Administrator
> Bard College at Simon's Rock
> 84 Alford Road
> Great Barrington, MA  01230
> (413) 528-7428 (voice)
> (413) 528-7405 (fax)
> wclarke at simons-rock.edu
> 
> On 4/8/2015 10:54 AM, Barry Margolin wrote:
> > In article <mailman.1910.1428503936.26362.bind-users at lists.isc.org>,
> >   William Clarke <wclarke at simons-rock.edu> wrote:
> >
> >> Resending because the message was over 40K... I removed most of the
> >> internal\external zones and logs to shorten the message.
> >> We have a split DNS chrooted master\slave setup running on CentOS 5.11.
> >> I have 3 named.conf files below, Working master, working slave and a new
> >> CentOS 7 non-working slave that I'm trying to spin up. The internal
> >> zones do get transferred\updated however the external zones aren't
</gml_replace_placeholder_never_used>
<gr_replace lines="76-80" cat="clarify" orig="> >> My new slave">
> >> My new slave is 192.168.1.224. The instructions I followed to set this
> >> up were from:
> >> http://www.ehowstuff.com/how-to-setup-bind-chroot-dns-server-on-centos-7-0-vps/
> >> transferring at all, the master doesn't even have any mentioning of
> >> external transfers for this specific slave. I have a hunch that this is
> >> either happening because I don't have multiple network adapters
> >> configured ie split DNS for slave or possibly a hostname issue. I tried
> >> to basically mirror the setup of my new slave all except the ip address.
> >> My new slave is 192.168.1.224. The instructions I followed to set this
> >> up was from:
> >> http://www.ehowstuff.com/how-to-setup-bind-chroot-dns-server-on-centos-7-0-
> >> vps
> >> /
> > Since the new slave only has one address, you can't use the IP to
> > distinguish which view should be sent in a zone transfer. You need to
> > use TSIG keys.
> >

-- 
Barry Margolin
Arlington, MA
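To make Barry's point about `match-clients` concrete, here is an added example (not from the thread or from BIND itself) that models how named walks an address_match_list: first matching element wins, a `!` element excludes the request from that view, and the views are tried in order. The shape of the poster's original internal view (addresses only, no key negation) is an assumption, since it was cut from the quoted mail.

```python
import ipaddress

# Added example, not from the thread: a minimal model of how BIND evaluates an
# address_match_list (first match wins, "!" negates) to pick a view and then
# decide allow-transfer. Key elements match only TSIG-signed requests; address
# elements match on source IP whether or not the request is signed.
def acl_match(acl, client_ip, key=None):
    ip = ipaddress.ip_address(client_ip)
    for element in acl:
        negate = element.startswith("!")
        elem = element.lstrip("!").strip()
        if elem == "any":
            hit = True
        elif elem.startswith("key "):
            hit = key == elem.split(None, 1)[1]
        else:
            hit = ip in ipaddress.ip_network(elem, strict=False)
        if hit:
            return not negate  # first matching element decides
    return False  # nothing matched: the ACL denies

def select_view(views, client_ip, key=None):
    for name, cfg in views:
        if acl_match(cfg["match-clients"], client_ip, key):
            return name
    return None

def transfer_decision(views, client_ip, key=None):
    """Return (view chosen, whether AXFR is allowed) for one request."""
    view = select_view(views, client_ip, key)
    if view is None:
        return None, False
    return view, acl_match(dict(views)[view]["allow-transfer"], client_ip, key)

# Assumed shape of the poster's original internal view: addresses only.
BEFORE = [
    ("internal", {"match-clients": ["10.0.0.0/8", "192.168.0.0/16", "127.0.0.0/8"],
                  "allow-transfer": ["key slave-internal"]}),
    ("external", {"match-clients": ["any"],
                  "allow-transfer": ["key slave-external"]}),
]
# Barry's fix: the external key (and the old slave's address) is excluded first.
AFTER = [
    ("internal", {"match-clients": ["!key slave-external", "!192.168.1.4",
                                    "10.0.0.0/8", "192.168.0.0/16", "127.0.0.0/8"],
                  "allow-transfer": ["key slave-internal"]}),
    ("external", {"match-clients": ["any"],
                  "allow-transfer": ["key slave-external"]}),
]

if __name__ == "__main__":
    for label, views in (("before", BEFORE), ("after", AFTER)):
        print(label, transfer_decision(views, "192.168.1.224", "slave-external"))
```

With the original ordering, the new slave's key-signed request from 192.168.1.224 lands in the internal view because of the 192.168.0.0/16 entry, and that view's `allow-transfer` rejects the external key, which is why the external zones never transfer; with the `!key slave-external` entry in front, the same request falls through to the external view.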

