[Question] zone transfer issue with multiple views

Lightner, Jeffrey JLightner at dsservices.com
Fri Dec 8 13:33:38 UTC 2017


When we did it here we set up separate notify-source and transfer-source within the views on both the master and the slave.

view "internal" {
    match-clients { internaldns; };
    notify-source 10.9.9.8;
    transfer-source 10.9.9.8;
    allow-transfer { dnsservers; };
    // ...then our zones for internal view
};

The internaldns acl is one in which we specify servers inside our network.
The dnsservers acl is one that specifies the primary internal facing IP of the master and the slave.

view "external" {
    match-clients { any; };
    notify-source 10.9.9.9;
    transfer-source 10.0.9.9;
    allow-transfer { dswadnsalias; };
    // ...then our zones for external view
};

"any" allows external locations to query us (we have recursion turned off).
The dswadnsalias acl is one that specifies the alias IPs on the same NIC as the internal facing IP of the master and the slave.

The IPs above would be on the master - you'd have separate IPs (but the same ACLs) on the slave.

You can create an alias IP on your primary NIC so for example here we have:
eth1 = 10.9.9.8
eth1:1 = 10.0.9.9
(In our config eth0 is the one we use for external facing traffic - eth1 is used for internal including zone transfers)




From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Eoin Kim
Sent: Thursday, December 07, 2017 8:05 PM
To: bind-users at lists.isc.org
Subject: [Question] zone transfer issue with multiple views

Hi all,

I wonder if anyone can help me find the cause of the problem I am currently having. I am testing BIND with two views - internal, external. Everything seems okay except for one thing - zone transfer doesn't appear to be happening for the reverse zone for the external view. On my slave server, I can see the following log message:

08-Dec-2017 10:55:59.247 general: info: zone 0.20.172.in-addr.arpa/IN/external: refresh: unexpected rcode (NXDOMAIN) from master 192.168.0.7#53 (source 0.0.0.0#0)

Servers are using TSIG for zone transfer. It looks like zone transfer itself is working for all other zones except for the reverse zone for the external view. Could I please get help if possible? I am using Debian Jessie and BIND was installed from its repository. I am willing to post BIND configurations if needed. Thanks a lot.

Eoin Kim
Systems Administrator

RCS Telecommunications
Level 1 - The Annexe
133 Mary Street
Brisbane, QLD, 4000
Office:   07 3228 0843
Mobile: 0419 726 231
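
Added example, not part of the original thread: a small Python model of how named picks a view (the first view whose match-clients ACL matches the request's source address), showing why the slave's transfer-source decides which view on the master answers a refresh. The ACL contents, the slave addresses and the corp.example zone are assumptions made for the illustration.

```python
import ipaddress

# Constructed data. internaldns is assumed to cover only 10.9.9.0/24, so the
# alias network 10.0.9.0/24 from the message falls through to "any".
ACLS = {"internaldns": ["10.9.9.0/24"], "any": ["0.0.0.0/0"]}

# Views in named.conf order: (name, match-clients ACL, zones in that view).
# corp.example is a hypothetical internal zone.
VIEWS = [
    ("internal", "internaldns", {"corp.example"}),
    ("external", "any", {"0.20.172.in-addr.arpa"}),
]

# Hypothetical slave addresses: primary IP and alias on the same NIC.
SLAVE_PRIMARY = "10.9.9.18"
SLAVE_ALIAS = "10.0.9.19"


def select_view(source_ip):
    """Return (name, zones) of the first view whose match-clients matches."""
    addr = ipaddress.ip_address(source_ip)
    for name, acl, zones in VIEWS:
        if any(addr in ipaddress.ip_network(net) for net in ACLS[acl]):
            return name, zones
    return None, set()


def refresh(zone, wanted_view, source_ip):
    """Model a slave's SOA refresh for `zone` as seen by the master."""
    matched, zones = select_view(source_ip)
    return {
        "matched_view": matched,
        "right_view": matched == wanted_view,
        "zone_served": zone in zones,
    }


if __name__ == "__main__":
    zone = "0.20.172.in-addr.arpa"
    # No per-view transfer-source: assumed here that the OS picks the primary IP.
    print("default source:", refresh(zone, "external", SLAVE_PRIMARY))
    # transfer-source set to the alias inside the slave's external view.
    print("alias source:  ", refresh(zone, "external", SLAVE_ALIAS))
```

With the default source the request is answered by the internal view, which does not carry the external reverse zone; with the alias as transfer-source it reaches the external view.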
