turn off notifies for internal view?

Chris Buxton cbuxton at menandmice.com
Mon Nov 19 18:54:29 UTC 2007


The notify packets from the external master are being routed to the  
internal view. This is most likely caused by your match-clients  
statement (or other match-* statements) in your view statements.

If the internal view is defined first, add a "! 192.168.1.1;" to the  
front of the match-clients ACL. For example, if it currently says this:

match-clients { 192.168.1/24; };

change it to this:

match-clients { ! 192.168.1.1; 192.168.1/24; };

That should solve the problem, assuming your setup matches the  
assumptions laid out above. However, there are many, many ways to  
configure views, and so we (the list) would have to see your view  
statements (in order, not necessarily including zone statements) in  
order to properly advise you.

Chris Buxton
Professional Services
Men & Mice
Address: Noatun 17, IS-105, Reykjavik, Iceland
Phone:   +354 412 1500
Email:   cbuxton at menandmice.com
www.menandmice.com




On Nov 19, 2007, at 9:09 AM, <aklist_bind at enigmedia.com> wrote:

> Hi All: I have a new install of 9.4.1-p1 on FreeBSD 6.2. This is a backup
> (or secondary) nameserver sitting inside a NAT'd subnet.
>
> I have two views set up on the server, an "internal" view used by the local
> subnet and an "external" view that serves all the public domain data.
>
> Everything in the "external" view is backup zone data pulled from the
> primary NS.
>
> Everything in the "internal" view is "primary" data for the local subnet.
> When I reload BIND, I see a lot of messages in /var/messages like:
>
> Nov 19 12:49:43 ns1 named[931]: client 192.168.1.1#56269: view internal: received notify for zone 'domain1.com': not authoritative
> Nov 19 12:49:43 ns1 named[931]: client 192.168.1.1#56269: view internal: received notify for zone 'domain2.com': not authoritative
>
> where domain1 and domain2 are zones on the primary NS. Is there a statement
> to globally block updates from the internal view? Like "allow-update no"?
>
> Currently the only two statements in the "internal" view are:
>
> match-clients { "localsubnet"; };
> recursion yes;
>
> (followed by the individual zone statements for the internal view)
>
> TIA.
>
>
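
The first-match behaviour behind the fix suggested above, as an added example that is not part of the original thread and is not BIND's own code: a small Python model of how named selects a view from ordered match-clients lists. It assumes the external view uses match-clients { any; } (modelled here as 0.0.0.0/0) and writes the subnet as 192.168.1.0/24 because Python's ipaddress module does not accept the abbreviated 192.168.1/24.

```python
import ipaddress


def acl_matches(acl, client):
    """Model of first-match evaluation of an address match list.

    acl is a list of strings such as "192.168.1.0/24" or "! 192.168.1.1".
    The first element that covers the client decides the result: a plain
    element accepts, a negated ("!") element rejects. If no element covers
    the client, the list does not match.
    """
    addr = ipaddress.ip_address(client)
    for element in acl:
        negated = element.startswith("!")
        net = ipaddress.ip_network(element.lstrip("! "), strict=False)
        if addr in net:
            return not negated
    return False


def select_view(views, client):
    """Return the first view, in definition order, whose ACL accepts the client."""
    for name, acl in views:
        if acl_matches(acl, client):
            return name
    return None


ANY = ["0.0.0.0/0"]  # assumption: external view has match-clients { any; }

# Internal view defined first, as the reply assumes.
BEFORE = [("internal", ["192.168.1.0/24"]), ("external", ANY)]
AFTER = [("internal", ["! 192.168.1.1", "192.168.1.0/24"]), ("external", ANY)]

# Same elements with the negation last: the /24 matches first, so the
# negation is never reached. This is why it goes at the front of the list.
WRONG_ORDER = [("internal", ["192.168.1.0/24", "! 192.168.1.1"]), ("external", ANY)]

if __name__ == "__main__":
    # 192.168.1.1 is the NOTIFY source in the quoted log; the other two
    # addresses are constructed samples (a LAN host and an outside client).
    for label, views in (("before", BEFORE), ("after", AFTER), ("wrong order", WRONG_ORDER)):
        for client in ("192.168.1.1", "192.168.1.50", "203.0.113.7"):
            print(f"{label:12} {client:14} -> {select_view(views, client)}")
```
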


