Transfert zone with multi-views to slave server
Barry Margolin
barmar at alum.mit.edu
Wed Dec 21 21:07:51 UTC 2005
In article <dob3hf$j6q$1 at sf1.isc.org>,
"Studer Olivier" <Olivier.Studer at hefr.ch> wrote:
> Hello,
>
> I have read this news http://sysadmin.oreilly.com/news/views_0501.html
> but it's only specified for two views update the all zone.
>
> But on my primary server, there are three views, one for the
> vpn_connection (with a range of my class B), one internal (the whole class
> B), and one for the external. Now my problem is how to configure the
> named.conf file on the master and the slave server to have automatic
> zone transfer. I don't know how to configure both of these files to have
> this functionality.

The solution for three views should be the same as for two views. For
each view, the transfer-source address on the slave has to be in the
corresponding match-client list on the master.

So you want:

view "vpn_view" {
        match-clients { x.x.8.201; vpn;};
        ...
};

view "internal" {
        match-clients { x.x.8.200; internals;};
        ...
};

>
> My configuration of the both servers is :
> Solaris 10 (no container)
> SMC BIND 9.3.1 for www.sunfreeware.com
> Sun Fire V100
>
> named.conf from master server
> ========================
> // ACL configuration
> // definition of the VPN client IPs
> acl "vpn" { x.x.163.0/24; };
>
> // definition of the internal client IPs
> acl "internals" { x.x.0.0/16; };
>
> // definition of the slave DNS server(s)
> acl "slaves" { x.x.8.103; x.x.8.200; x.x.8.201; };
>
> // definition of the ACL allowing the server itself to make queries
> acl "itself" { localhost; x.x.8.102; };
>
> options {
> directory "/var/named";
> dump-file "/var/named/data/cache_dump.db";
> statistics-file "/var/named/data/named_stats.txt";
>
> query-source address * port 53;
>
> allow-query { any; };
>
> version "";
>
> allow-transfer { slaves; };
>
> notify yes;
> };
>
> // definition of the key structure for this host
> controls {
> inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
> };
>
> // logging section
> logging {
> channel chan1 {
> severity debug 3;
> file "/var/named/data/log.txt";
> print-time yes;
> print-severity yes;
> print-category yes;
> };
> category "default" {
> chan1;
> };
> };
>
> // View VPN
> view "vpn_view" {
> match-clients { !1x.x..8.200; !x.x.8.201; vpn; };
>
> zone "hefr.ch" in {
> type master;
> file "hefr.hosts.vpn_view";
> allow-update {none;};
> allow-transfer { none; };
> also-notify { x.x.8.201; };
> };
> };
>
> //View Internal
> view "internal_view" {
> match-clients { !x.x.8.200; !x.x.8.201; internals; };
> zone "hefr.ch" in {
> type master;
> file "hefr.hosts.internal_view";
> allow-update {none;};
> allow-transfer { any; };
> };
> };
>
> //View external
> view "external_view" {
> match-clients { any; };
>
> recursion no;
>
> allow-query { any; };
>
> zone "hefr.ch" in {
> type master;
> file "hefr.hosts";
> allow-update {none;};
> allow-transfer { none; };
> also-notify { x.x.8.200; };
> };
> };
>
>
> named.conf from slave server
> =====================
> // ACL configuration
> // definition of the VPN client IPs
> acl "vpn" { x.x.163.0/24; };
>
> // definition of the internal client IPs
> acl "internals" { x.x.0.0/16; };
>
> // definition of the slave DNS server(s)
> acl "slaves" { x.x.8.103; };
>
> // definition of the ACL allowing the server itself to make queries
> acl "itself" { localhost; x.x.8.103; };
>
> options {
> directory "/var/named";
> dump-file "/var/named/data/cache_dump.db";
> statistics-file "/var/named/data/named_stats.txt";
>
> query-source address * port 53;
>
> allow-query { any; };
>
> version "";
>
> allow-transfer { none; };
> };
>
> controls {
> inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
> };
>
> logging {
> channel chan1 {
> severity debug 3;
> file "/var/named/data/log.txt";
> print-time yes;
> print-severity yes;
> print-category yes;
> };
> category "default" {
> chan1;
> };
> };
>
> // View VPN
> view "vpn_view" {
> match-clients { vpn; };
>
> zone "hefr.ch" in {
> type slave;
> masters { x.x.8.102; };
> file "hefr.hosts.vpn_view";
> transfer-source x.x.8.201;
> allow-transfer { any; };
> };
> };
>
> //View Internal
> view "internal_view" {
> match-clients { internals; };
>
> zone "hefr.ch" in {
> type slave;
> masters { x.x.102; };
> file "hefr.hosts.internal_view";
> transfer-source x.x.8.103;
> allow-transfer { any; };
> };
>
> };
>
> //View external
> view "external_view" {
> match-clients { any; };
> recursion no;
>
> allow-query { any; };
>
> zone "hefr.ch" in {
> type slave;
> masters { x.x.8.102; };
> file "hefr.hosts";
> transfer-source x.x.8.200;
> allow-transfer { none; };
> };
> };
>
>
> I need urgent help for this problem.
>
> Thanks for your help
> /Olivier
>
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
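
The rule stated in the reply above can be checked mechanically. The following is an added example, not part of the original message or of BIND: it models first-match evaluation of match-clients lists (IP, prefix and `any` elements only) and reports every slave view whose transfer-source is answered by a different view on the master. The 172.16.0.0/16 addresses are constructed stand-ins for the redacted x.x network, and the function names and ADJUSTED_MASTER layout are assumptions made for illustration.

```python
import ipaddress

def acl_matches(acl, addr):
    """BIND address-match-list semantics: the first element that covers the
    address decides; a leading '!' turns that hit into a rejection."""
    ip = ipaddress.ip_address(addr)
    for element in acl:
        negated = element.startswith("!")
        net = element.lstrip("!")
        if net == "any" or ip in ipaddress.ip_network(net):
            return not negated
    return False

def select_view(views, addr):
    """named picks the first view, in file order, whose match-clients accepts the source."""
    for name, acl in views:
        if acl_matches(acl, addr):
            return name
    return None

def check_transfers(master_views, slave_sources):
    """Return {slave view: master view that actually answers} for every mismatch."""
    answered = {view: select_view(master_views, src) for view, src in slave_sources.items()}
    return {view: got for view, got in answered.items() if got != view}

# Constructed addresses: 172.16.0.0/16 stands in for the redacted x.x class B.
VPN, INTERNALS = "172.16.163.0/24", "172.16.0.0/16"
SLAVE_SOURCES = {  # transfer-source per view on the slave, as in the quoted config
    "vpn_view": "172.16.8.201",
    "internal_view": "172.16.8.103",
    "external_view": "172.16.8.200",
}
POSTED_MASTER = [  # match-clients per view as in the quoted master config
    ("vpn_view", ["!172.16.8.200", "!172.16.8.201", VPN]),
    ("internal_view", ["!172.16.8.200", "!172.16.8.201", INTERNALS]),
    ("external_view", ["any"]),
]
ADJUSTED_MASTER = [  # hypothetical layout that satisfies the rule for these sources
    ("vpn_view", ["172.16.8.201", VPN]),
    ("internal_view", ["!172.16.8.200", INTERNALS]),
    ("external_view", ["any"]),
]

if __name__ == "__main__":
    print("posted:  ", check_transfers(POSTED_MASTER, SLAVE_SOURCES))
    print("adjusted:", check_transfers(ADJUSTED_MASTER, SLAVE_SOURCES))
```

A non-empty result means a slave view would be loaded with another view's copy of the zone, which is how internal records end up served from the wrong view.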