views: getting a secondary to mirror a primary split dns with transfer-source?
Mark_Andrews at isc.org
Mark_Andrews at isc.org
Tue Nov 18 00:37:29 UTC 2003
> Hi,
>
> I've just migrated a Primary & Secondary to using Views on Bind 9.2.1.
> The idea is to present and internal view to Intranet hosts, and an
> external view to the Internet.
>
> This has worked out fine on the primary, the published address spaces
> are as expected. However, on the secondary, the full (internal)
> namespace is mirrored to both internal and external view.
>
> I searched the FAQ and this group for relevant discussions, of which
> there a few lively ones, but no solution on exactly how to get the
> secondary to only transfer the external view from the primary for that
> namespace. (I would prefer to stay with Bind rather than change to
> another product).
>
> I saw one suggestion to use "transfer-source" on the secondary, to use
> a different IP when transferring from the primary.
> view "internal" {
> match-clients { intranets; };
> allow-transfer { int-nameservers; };
> transfer-source A.B.C.D; // special source for Internal ZoneTx
> ....
> view "external" {
> match-clients { any; };
> allow-transfer { external-nameservers; };
> transfer-source E.F.G.H;
>
> Then on the primary, I added the IP address A.B.C.D to the acl for
> allow-transfer of Internal, and E.F.G.H for external.
>
> BUT, the two tables internal and external, mirrored on the secondary,
> are infact identical and correspond to the internal namespace.
>
> Ideas? Suggestions? Surely this is a classical Split DNS problem?
>
> Regards,
>
> Sean
>
You need to ensure that the transfer source for the external
view in NOT part of the internal view on the master.
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
More information about the bind-users
mailing list