Zone transfer master -> slave using views on same subnet.

bsd bsd at todoo.biz
Sat Jan 6 11:55:13 UTC 2007


Hello,


I am struggling to get complete zone transfers working between  
Master and Slave with views configured, given that both Master and  
Slave are on the same subnet.

Both servers are located on the 192.168.2.0 network. They are reached  
with NAT through the IP 78.87.206.98 (Master) 78.87.206.99 (Slave).  
Master is 192.168.2.2 and Slave 192.168.2.3


I have followed the example provided on the FAQ using TSIG zone  
transfer between Master and Slave.
It is working quite ok on the "interne" view but not on the "externe"  
view.


Any help would be greatly appreciated.


THx in advance.


####################
# Master
####################

// TSIG key shared with the slave. Requests signed with it are excluded from
// the "interne" view and accepted by the "externe" view (see the
// match-clients lists further down).
// NOTE(review): the secret is shown in full in a public list post, so it
// should be treated as disclosed: generate a new key, and keep the key
// statement in a separate file readable only by named, pulled in with
// include.
// NOTE(review): hmac-md5 is a legacy TSIG algorithm; prefer hmac-sha256
// where the BIND version on both servers supports it.
key "externe" {
       algorithm hmac-md5;
       secret "cduzN45KImfVsTkuwt4DpDunf9z3BlMV0idz+y03En0=";
};

// "interne": the LAN plus loopback; referenced by the interne view's
// match-clients.
// "reseau": the clients allowed to recurse (allow-recursion in options).
acl interne { 192.168.2.0/24; 127.0.0.1; };
acl reseau { 78.87.206.96/28; 127.0.0.1; 82.66.93.242;  
192.168.2.0/24; };

// Global defaults for the master; views and zones inherit them unless they
// set their own value.
options {
         // Relative file names in zone statements are resolved from here.
         directory       "/etc/namedb/zones";
         pid-file        "/var/run/named/pid";
         dump-file       "/var/dump/named_dump.db";
         statistics-file "/var/stats/named.stats";
         zone-statistics yes;
         // Pins the source port of outgoing queries to 53.
         // NOTE(review): a fixed source port removes source-port
         // randomisation, which makes spoofed answers easier to land on a
         // server that recurses (allow-recursion below). Drop "port 53"
         // unless a firewall rule really requires it.
         query-source address * port 53;

         // Default transfer ACL for every view and zone that does not set
         // its own. It is address-based only: the hosts listed here need no
         // TSIG key to request a transfer.
         // NOTE(review): because this applies to both views, any listed
         // address that matches the interne view can also pull the internal
         // zones - confirm that is intended, or set allow-transfer per view.
         allow-transfer {
                 78.87.206.99;
                 192.168.2.3;
                 195.115.46.198;
                 80.67.173.196;
                 199.242.242.199;
                 195.141.133.18;
                 195.141.133.17;
                 217.70.177.40;
                 195.115.141.1;
                 195.115.141.4;
                 194.6.128.4;
                 213.186.62.200;
         };

         // Recursion is offered only to the "reseau" ACL.
         allow-recursion { reseau; };
         // Replaces the real version string returned to version.bind queries.
         version "mind your own business!";
         // Empty list: no client addresses are blackholed.
         blackhole {
         };
};


// Vue interne du reseau ToDoo en 192.168.2.0

// Internal view. Views are tried in the order they appear and the first
// match wins, so this one has to come before "externe" (which matches any).
view interne {
      // The negated key element comes first: a request signed with key
      // "externe" never matches this view, even when it comes from the LAN.
      // That is what lets the slave (also in 192.168.2.0/24) reach the
      // externe view by signing its requests. Unsigned requests from the
      // "interne" ACL match here.
      match-clients { !key externe; interne; };
//     notify no;

         zone "rma.fr" {
                 type master;
                 file "local/hosts.rma.fr";
         };

         zone "tomo.biz" {
                 type master;
                 file "local/hosts.tomo.biz";
         };

         // Reverse zone for the 192.168.2.0/24 LAN.
         zone "2.168.192.in-addr.arpa" {
                 type master;
                 file "local/hosts.2.168.192.in-addr.arpa";
         };

};


//--- Cache ---

view externe {
      // Matches requests signed with key "externe" and, through "any",
      // every request the interne view did not take.
      match-clients { key externe; any; };
      // Messages this view sends to 192.168.2.3 (for example NOTIFY) are
      // signed with key "externe", so they can match the slave's externe
      // view. The key is attached only for this exact address.
      // NOTE(review): nothing visible in this view requires the key for
      // transfers; the global allow-transfer list is address-based. An
      // "allow-transfer { key externe; };" here would limit transfers of the
      // external zones to holders of the key - check first which of the
      // listed secondaries would need the key.
      server 192.168.2.3 { keys externe; };
      // No recursion for clients served by this view.
      recursion no;


// Root hints for this view, read from named.ca under the options directory.
zone "." {
         type hint;
         file "named.ca";
};


//--- Reverse ---

// Reverse zone for the 127.0.0 loopback range, served as master.
zone "0.0.127.in-addr.arpa" {
         type master;
         file "named.local";
};


//--- Zone reverse de nos clients ---//

// Customer reverse zone for the single address 81.91.66.73, served as master.
// No allow-transfer is set here, so the global list in options applies.
zone "73.66.91.81.in-addr.arpa" {
         type master;
         file "hosts.73.66.91.81.in-addr.arpa";
};


//--- Slaves for Aeroports de paris ---


// This server is itself a slave for this zone and pulls it from the listed
// master.
// NOTE(review): 87.98.206.98 differs from the 78.87.206.98 NAT address given
// in the message text - confirm the digits are not transposed.
zone "alloco.com" {
         type slave;
         masters { 87.98.206.98 ; };
         file "hosts.alloco.com";
         // Overrides the global list: nobody may transfer this zone from here.
         allow-transfer { none; };
};







############
Slave
############


// Same TSIG key name, algorithm and secret as on the master; all three must
// match on both servers for signed requests to verify.
// NOTE(review): the secret is shown in full in a public list post, so it
// should be treated as disclosed: generate a new key on both servers and
// keep the key statement in a file readable only by named.
// NOTE(review): hmac-md5 is a legacy TSIG algorithm; prefer hmac-sha256
// where the BIND version on both servers supports it.
key "externe" {
       algorithm hmac-md5;
       secret "cduzN45KImfVsTkuwt4DpDunf9z3BlMV0idz+y03En0=";
};


// "interne": the LAN plus loopback; referenced by the interne view's
// match-clients.
// "reseau": the clients allowed to recurse (allow-recursion in options).
// NOTE(review): 78.87.206.97/28 has host bits set; the master's ACL writes
// the same network as 78.87.206.96/28. Newer BIND versions may reject or
// warn about a prefix with host bits set - verify with named-checkconf.
acl interne { 192.168.2.0/24; 127.0.0.1;  };
acl reseau { 127.0.0.1; 192.168.2.0/24; 82.66.93.242;  
78.87.206.97/28; };

// Global defaults for the slave; views and zones inherit them unless they
// set their own value.
options {
         // Relative file names in zone statements are resolved from here.
         directory       "/zones";
         pid-file        "/var/run/named/pid";
         dump-file       "/var/dump/named_dump.db";
         statistics-file "/var/stats/named.stats";
         // Pins the source port of outgoing queries to 53.
         // NOTE(review): a fixed source port removes source-port
         // randomisation, which makes spoofed answers easier to land on a
         // server that recurses (allow-recursion below). Drop "port 53"
         // unless a firewall rule really requires it.
         query-source address * port 53;
         // Limits on inbound transfers: total duration and idle time.
         // NOTE(review): BIND 9 reads both values in minutes, so these are
         // 30 hours and 15 hours - confirm seconds were not intended.
         max-transfer-time-in 1800;
         max-transfer-idle-in 900;
         // Replaces the real version string returned to version.bind queries.
         version "mind your own business!";
         // Empty list: no client addresses are blackholed.
         blackhole {
         };
         // Recursion is offered only to the "reseau" ACL.
         // No allow-transfer is set here, unlike on the master.
         // NOTE(review): BIND then uses its built-in default, which in older
         // releases allowed any host - set it explicitly.
         allow-recursion { reseau; };
};


// Internal view on the slave. It contains no server statement, so transfer
// requests sent to 192.168.2.2 from this view carry no TSIG key and, coming
// from 192.168.2.3, match the master's "interne" view.
view interne {
      // Requests signed with key "externe" never match this view; unsigned
      // requests from the "interne" ACL do.
      match-clients { !key externe; interne; };

         zone "rma.fr" {
                 type slave;
                 masters { 192.168.2.2; };
                 file "hosts.rma.fr.interne";
         };

         zone "tomo.biz" {
                 type slave;
                 masters { 192.168.2.2; };
                 file "hosts.tomo.biz.interne";
         };

         // Reverse zone for the 192.168.2.0/24 LAN.
         zone "2.168.192.in-addr.arpa" {
                 type slave;
                 masters { 192.168.2.2; };
                 file "hosts.2.168.192.in-addr.arpa";
         };

};



// External view on the slave: matches requests signed with key "externe"
// and, through "any", every request the interne view did not take.
view externe {
      match-clients { key externe; any; };
      // Requests this view sends to 192.168.2.2 are signed with key
      // "externe". The key is attached only for this exact address.
      // NOTE(review): the slave zone below lists masters { 78.87.206.98; },
      // not 192.168.2.2, so this server statement does not cover that
      // transfer and the request would go out unsigned. If it reaches the
      // master with a 192.168.2.0/24 source address it matches the master's
      // "interne" view, which does not hold the external zones. Confirm
      // which address the transfer really uses and key that one.
      server 192.168.2.2 { keys externe; };
      // Left commented out, so unlike the master's externe view this view
      // does not switch recursion off; allow-recursion from options applies.
//     recursion no;

//--- Cache ---

// Root hints for this view, read from named.root under the options directory.
zone "." {
         type hint;
         file "named.root";
};

//--- Reverse ---

// Reverse zone for the 127.0.0 loopback range, served as master locally.
zone "0.0.127.in-addr.arpa" {
       type master;
         file "localhost.rev";
};

// Pulled from the master's public (NAT) address given in the message text.
zone "alloco.fr" {
         type slave;
         masters { 78.87.206.98 ; };
         file "hosts.alloco.fr";
         // Nobody may transfer this zone onward from the slave.
         allow-transfer { none; };
};

…
};





________________________________________________
«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Gregober ---> PGP ID --> 0x1BA3C2FD
bsd @at@ todoo.biz
________________________________________________
«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

P "Please consider your environmental responsibility before printing  
this e-mail"



