views: getting a secondary to mirror a primary split dns with transfer-source?

Sean Boran sean at boran.com
Mon Nov 17 16:42:21 UTC 2003


Hi,

I've just migrated a Primary & Secondary to using Views on Bind 9.2.1.
The idea is to present and internal view to Intranet hosts, and an
external view to the Internet.

This has worked out fine on the primary, the published address spaces
are as expected. However, on the secondary, the full (internal)
namespace is mirrored to both internal and external view.

I searched the FAQ and this group for relevant discussions, of which
there a few lively ones, but no solution on exactly how to get the
secondary to only transfer the external view from the primary for that
namespace. (I would prefer to stay with Bind rather than change to
another product).

I saw one suggestion to use "transfer-source" on the secondary, to use
a different IP when transferring from the primary.
view "internal" {    
  match-clients { intranets; };
  allow-transfer { int-nameservers; };
  transfer-source A.B.C.D;  // special source for Internal ZoneTx
....
view "external" {
  match-clients { any; };
  allow-transfer { external-nameservers; };
  transfer-source E.F.G.H; 

Then on the primary, I added the IP address A.B.C.D to the acl for
allow-transfer of Internal, and E.F.G.H for external.

BUT, the two tables internal and external, mirrored on the secondary,
are infact identical and correspond to the internal namespace.

Ideas? Suggestions? Surely this is a classical Split DNS problem?

Regards,

Sean


More information about the bind-users mailing list