bind9 split views, internal view leaked out???

Simon Hobson shobson0309 at colony.com
Mon Nov 17 08:54:08 UTC 2003


news.callatg.com wrote:
>I "tried" to set up split dns at my site, but it became a mess, and my ISP's
>dns somehow got an update from me that contained my internal view!?! So I
>disabled my secondary dns for now to figure it out - any help would be
>appreciated - here's the details of my setup:
>
>INTERNET ----> ROUTER/NAT ----> 192.168.1.0 network + DNS1 + DNS2
>
>DNS1: 192.168.1.110
>DNS2: 192.168.1.111
>Router translates outside address 64.42.17.169 to 192.168.1.110, and
>64.42.17.170 to 192.168.1.111
>So my DNS servers to the outside world are 64.42.17.169 & .170, but the
>machines are really the above 192 addy.

<snip>

>view "external" {  // view of our zones for the rest of the world
>
>         match-clients { any; };
>
>         zone "." {
>                 type hint;
>                 file "named.root";
>         };
>
>         zone "0.0.127.IN-ADDR.ARPA" {
>                 type master;
>                 file "localhost.rev";
>                 notify no;
>         };
>
>         zone "oemsupport.com" {
>                 type slave;
>                 masters { 64.42.17.169; };
>                 file "backup.oemsupport.com.zone";
>         };
>
>         zone "oe.17.42.64.in-addr.arpa" {
>                 type slave;
>                 masters { 64.42.17.169; };
>                 file "backup.oe.17.42.64.in-addr.arpa.zone";
>         };
>};

My guess is that DNS2 has gone to do a transfer from DNS1, but DNS1 
sees the source address of the query as 192.168.1.111 instead of 
64.42.17.170. Therefore it serves up the INTERNAL view to DNS2.

At some point after that, your ISP has done a zone transfer, and 
selected the zone file from your internal view as it almost certainly 
has a higher serial number.

Simon

-- 

NOTE: This is a throw-away email address which will reach me for as 
long as it stays spam-free, remove date for real address.

Simon Hobson, Technology Specialist
Colony Gift Corporation Limited
Lindal in Furness, Ulverston, Cumbria, LA12 0LD
Tel 01229 461100, Fax 01229 461101

Registered in England No. 1499611
Regd. Office : 100 New Bridge Street, London, EC4V 6JA.
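
The view selection described in the reply above, modelled as an added example (not part of the original message and not BIND's own code). It assumes the internal view, which was snipped from the post, matches `192.168.1.0/24`; the `!192.168.1.111` exclusion is one possible correction, and `203.0.113.53` is a constructed stand-in for the ISP's secondary.

```python
import ipaddress

def match_list(addr, acl):
    """Model of a BIND address match list: the first element that matches
    decides the result, and a leading '!' turns that match into a rejection."""
    ip = ipaddress.ip_address(addr)
    for element in acl:
        negated = element.startswith("!")
        spec = element.lstrip("!")
        if spec == "none":
            continue
        if spec == "any" or ip in ipaddress.ip_network(spec, strict=False):
            return not negated
    return False

def select_view(addr, views):
    """Views are tried in configuration order; the first whose
    match-clients accepts the source address answers the request."""
    for name, acl in views:
        if match_list(addr, acl):
            return name
    return None

# Assumed layout on DNS1: internal view listed first, external catches the rest.
LEAKY = [("internal", ["192.168.1.0/24"]),
         ("external", ["any"])]

# Possible correction: reject DNS2's real address before the LAN prefix,
# so its transfer requests fall through to the external view.
FIXED = [("internal", ["!192.168.1.111", "192.168.1.0/24"]),
         ("external", ["any"])]

# Constructed sample sources, as DNS1 would see them.
SOURCES = {
    "DNS2 transfer (on the LAN, so not NATed)": "192.168.1.111",
    "LAN workstation (constructed)": "192.168.1.50",
    "ISP secondary (constructed)": "203.0.113.53",
}

def report(views):
    """Map each sample source to the view that would serve it."""
    return {label: select_view(addr, views) for label, addr in SOURCES.items()}

if __name__ == "__main__":
    for title, views in (("as described", LEAKY), ("with exclusion", FIXED)):
        print(title)
        for label, view in report(views).items():
            print(f"  {label:45s} -> {view}")
```
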

