Zone Transfer issue on BIND9
John Wingenbach
bind at wingenbach.org
Sat Aug 25 15:48:47 UTC 2012
The problem pointed out in your 'match-clients' is the first glaring
problem.
What you need to understand is that from the point of view of BIND, your
slave server is treated the same (from the view) as any "client" for the
master and vice versa.
So, the communication between master and slave needs to be taken into
account along with "real" clients.
Breaking down your views along w/ the files, it appears you want to
have 3 unique zone files for the same domains being transferred from
master to slave. That means you need to define 3 unique paths between
master and slave. Given that, if you are going to only use one IP, you
need to use 2 keys. For example, TSIG1-KEY, TSIG2-KEY and the 'other'
match.
I'd heavily recommend following the other advice and simplifying your test
scenario. Get the communication working for a single unique zone file
across the 3 views between the master and slave. Then add in whatever
other ACLs are needed to support non-master/slave comm. Once you have
that, then augment it with the rest of the zones you need to support.
-- John
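
The layout described in the message above, as an added named.conf example that is not part of the original post: two TSIG keys plus an unsigned "other" path give the slave three distinct routes into the master's three views from a single IP. The addresses, ACL names, view names, zone name, file paths and key algorithm are assumptions; the secrets are placeholders.

```conf
# Added example; addresses, ACL/view/zone names and file paths are assumptions.
# ---- master (192.0.2.1) ----
key "TSIG1-KEY" { algorithm hmac-sha256; secret "<base64-secret-1>"; };
key "TSIG2-KEY" { algorithm hmac-sha256; secret "<base64-secret-2>"; };
acl xfer-slave { 192.0.2.2; };
acl nets-a     { 198.51.100.0/24; };   # "real" clients of view-a
acl nets-b     { 203.0.113.0/24; };    # "real" clients of view-b

view "view-a" {
    # First match wins: TSIG1 is accepted, TSIG2 and unsigned slave traffic fall through.
    match-clients { key TSIG1-KEY; !key TSIG2-KEY; !xfer-slave; nets-a; };
    server 192.0.2.2 { keys { TSIG1-KEY; }; };   # sign NOTIFY so it lands in the slave's view-a
    zone "example.com" {
        type master; file "view-a/example.com.db";
        allow-transfer { key TSIG1-KEY; };
        also-notify { 192.0.2.2; };
    };
};
view "view-b" {
    match-clients { key TSIG2-KEY; !key TSIG1-KEY; !xfer-slave; nets-b; };
    server 192.0.2.2 { keys { TSIG2-KEY; }; };
    zone "example.com" {
        type master; file "view-b/example.com.db";
        allow-transfer { key TSIG2-KEY; };
        also-notify { 192.0.2.2; };
    };
};
view "other" {
    # Everything not claimed above, including the slave's unsigned transfers.
    match-clients { any; };
    zone "example.com" {
        type master; file "other/example.com.db";
        allow-transfer { xfer-slave; };
        also-notify { 192.0.2.2; };
    };
};

# ---- slave (192.0.2.2): same key/acl statements, with "acl xfer-master { 192.0.2.1; };" ----
view "view-a" {
    match-clients { key TSIG1-KEY; !key TSIG2-KEY; !xfer-master; nets-a; };
    server 192.0.2.1 { keys { TSIG1-KEY; }; };   # SOA checks and AXFR go out signed with TSIG1
    zone "example.com" {
        type slave; masters { 192.0.2.1; }; file "slaves/view-a/example.com.db";
    };
};
# view-b mirrors this with TSIG2-KEY; "other" has no server statement, so it transfers unsigned.
```

Running `named-checkconf` on each host catches syntax errors before a reload, and the transfer log on the master shows which view served each AXFR.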