views: getting a secondary to mirror a primary split dns with transfer-source?

Mark_Andrews at isc.org Mark_Andrews at isc.org
Tue Nov 18 00:37:29 UTC 2003


> Hi,
> 
> I've just migrated a Primary & Secondary to using Views on Bind 9.2.1.
> The idea is to present and internal view to Intranet hosts, and an
> external view to the Internet.
> 
> This has worked out fine on the primary, the published address spaces
> are as expected. However, on the secondary, the full (internal)
> namespace is mirrored to both internal and external view.
> 
> I searched the FAQ and this group for relevant discussions, of which
> there a few lively ones, but no solution on exactly how to get the
> secondary to only transfer the external view from the primary for that
> namespace. (I would prefer to stay with Bind rather than change to
> another product).
> 
> I saw one suggestion to use "transfer-source" on the secondary, to use
> a different IP when transferring from the primary.
> view "internal" {    
>   match-clients { intranets; };
>   allow-transfer { int-nameservers; };
>   transfer-source A.B.C.D;  // special source for Internal ZoneTx
> ....
> view "external" {
>   match-clients { any; };
>   allow-transfer { external-nameservers; };
>   transfer-source E.F.G.H; 
> 
> Then on the primary, I added the IP address A.B.C.D to the acl for
> allow-transfer of Internal, and E.F.G.H for external.
> 
> BUT, the two tables internal and external, mirrored on the secondary,
> are infact identical and correspond to the internal namespace.
> 
> Ideas? Suggestions? Surely this is a classical Split DNS problem?
> 
> Regards,
> 
> Sean
> 

	You need to ensure that the transfer source for the external
	view in NOT part of the internal view on the master.
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org


More information about the bind-users mailing list