Bind 9.1.3 Transfers and Views
Mark_Andrews at isc.org
Sat Nov 3 23:45:23 UTC 2001
> I am having trouble getting my slave to transfer the zones correctly
> from the master. I have 2 nameservers configured with views and lie
> behind a firewall with NAT enabled. One of the views is for machines
> behind the firewall (internal network) and the other view is for
> machines from the Internet. The problem that I am running into is that
> my slave is requesting the zone transfers from the master and it's
> not getting the correct zone for the outside world view. The slave is
> getting the internal representation instead of the external
> representation. I only have these 2 machines at my disposal, so I
> would really like to figure out a way to get this to work. Does anyone
> have any ideas how to get this to work with these 2 machines? The
> condensed versions of my configuration files are listed below. Zones
> such as the loopback and hints are left out. Any help is greatly
> appreciated. Thanks in advance.
>
> Master Server:
>
> view "internal" {
>     match-clients { 10.0.1/24; };
>     allow-transfer { 10.0.1.2; };
>     recursion yes;
>
>     zone "domain.com" in {
>         type master;
>         file "zones/db.domain.com-internal";
>     };
>
>     zone "1.0.10.in-addr.arpa" in {
>         type master;
>         file "zones/db.10.0.1";
>     };
> };
>
> view "external" {
>     match-clients { any; };
>     allow-transfer { 10.0.1.2; };
>     recursion no;
>
>     zone "domain.com" in {
>         type master;
>         file "zones/db.domain.com-ext";
>     };
>
>     zone "y.x.w.in-addr.arpa" in {
>         type master;
>         file "zones/db.w.x.y";
>     };
> };
>
> Slave Server:
>
> view "internal" {
>     match-clients { 10.0.1/24; };
>     recursion yes;
>
>     zone "domain.com" in {
>         type slave;
>         masters { 10.0.1.3; };
>         file "zones/bak.domain.com-int";
>     };
>
>     zone "1.0.10.in-addr.arpa" in {
>         type slave;
>         masters { 10.0.1.3; };
>         file "zones/bak.10.0.1";
>     };
> };
>
> view "external" {
>     match-clients { any; };
>     recursion no;
>
>     zone "domain.com" in {
>         type slave;
>         masters { 10.0.1.3; };
>         file "zones/bak.domain.com-ext";
>     };
>
>     zone "y.x.w.in-addr.arpa" in {
>         type slave;
>         masters { 10.0.1.3; };
>         file "zones/bak.w.x.y";
>     };
> };
>
You will need to give the master and slave multiple IP addresses
and use those to make sure you reach the correct view on the other
machine.

e.g.

Master: 10.0.1.1 (internal), 10.0.1.2 (external, IP alias)

    internal:
        match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
        notify-source 10.0.1.1;
        transfer-source 10.0.1.1;
        query-source 10.0.1.1;

    external:
        match-clients { any; };
        recursion no; // don't offer recursion to the world
        notify-source 10.0.1.2;
        transfer-source 10.0.1.2;

Slave: 10.0.1.3 (internal), 10.0.1.4 (external, IP alias)

    internal:
        match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
        notify-source 10.0.1.3;
        transfer-source 10.0.1.3;
        query-source 10.0.1.3;

    external:
        match-clients { any; };
        recursion no; // don't offer recursion to the world
        notify-source 10.0.1.4;
        transfer-source 10.0.1.4;

You put the external address on the alias so that all the other
dns clients on these boxes see the internal view by default.
Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
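
The view selection behind the reply above, as an added example that is not part of the original message or of BIND itself: a small Python model of how a server picks a view from the source address of an incoming request, run against the match-clients lists from both messages. It assumes the first matching element of an address match list decides (a matching "!" element rejects) and that views are tried in configuration order; the function names are hypothetical and 10.0.1/24 is written out as 10.0.1.0/24.

```python
import ipaddress

def acl_matches(acl, src):
    """Evaluate one match-clients list: the first element that matches the
    source decides, and a matching '!' element rejects the client."""
    addr = ipaddress.ip_address(src)
    for element in acl:
        negated = element.startswith("!")
        spec = element.lstrip("!")
        if spec == "any" or addr in ipaddress.ip_network(spec):
            return not negated
    return False

def select_view(views, src):
    """views is an ordered list of (name, match-clients); first accepting view wins."""
    for name, acl in views:
        if acl_matches(acl, src):
            return name
    return None

# Layout from the question: every 10.0.1.x source lands in "internal".
ORIGINAL = [
    ("internal", ["10.0.1.0/24"]),
    ("external", ["any"]),
]

# Layout from the reply: the alias addresses are excluded from "internal",
# so requests sourced from them fall through to "external".
FIXED = [
    ("internal", ["!10.0.1.2", "!10.0.1.4", "10.0.1.0/24"]),
    ("external", ["any"]),
]

def transfer_views():
    """Which view answers a zone transfer, keyed by (layout, source address)."""
    return {
        ("original", "10.0.1.2"): select_view(ORIGINAL, "10.0.1.2"),
        ("fixed", "10.0.1.3"): select_view(FIXED, "10.0.1.3"),
        ("fixed", "10.0.1.4"): select_view(FIXED, "10.0.1.4"),
    }

if __name__ == "__main__":
    for key, view in transfer_views().items():
        print(key, "->", view)
```

With the original lists the slave's transfer request can only ever reach the internal view, which is why both copies of domain.com came back with internal data; in the reply's layout, transfer-source selects the address and therefore the view.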