Views causing zone transfer problems?
Scott Lacy
eslacy at gmail.com
Thu Sep 20 14:08:26 UTC 2007
Hi all,
I'm having an odd problem with zone transfers relating to views in BIND 9:
I have a master with one interface, and a slave with two physical
interfaces (10.30.80.5 and 68.143.211.2), one for each view (internal
and external). The problem I am having is that when I do a reload for
one of my zones (regardless of whether it is internal or external),
the slave is consistently querying serial numbers for the external
view. I think it's seeing the master as external, thus it is always
querying the external zone's serial rather than the internal. If I do
it the other way, though, it would always query the internal zone's
serial. Am I going to need to set up a second IP on the master to get
this working properly? Conf files and logs follow. I really
appreciate any help/advice I can get.
Master named.conf:

options {
    directory "/var/named";
    query-source address * port 53;
    allow-transfer { 10.30.80.5; 68.143.211.2; };
};

acl "internalnets" { !68.143.211.2; 10.0.0.0/8; 68.143.211.0/16; };

view "internal" {
    match-clients {
        internalnets;
    };
    // (miscellaneous zone info here, pretty vanilla)
};

view "external" {
    match-clients { any; };
    recursion no;
    // (miscellaneous zone info here, pretty vanilla)
};
Slave named.conf:

options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    notify no;
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
};

// 68.143.210.80 is the master nameserver
acl "internalnets" { !68.143.210.80; 10.0.0.0/8; 68.143.211.0/16; };

view "internal" {
    match-clients {
        internalnets;
    };
    // a sample internal zone:
    zone "fubar.com" IN {
        type slave;
        masters { 68.143.210.80; };
        transfer-source 10.30.80.5;
        file "/var/named/internal/fubar.com";
    };
};

view "external" {
    match-clients { any; };
    recursion no;
    // a sample external zone:
    zone "fubar.com" IN {
        type slave;
        masters { 68.143.210.80; };
        transfer-source 68.143.211.2;
        file "/var/named/external/fubar.com";
    };
};

If I increment the serial on the external zone on the master and
reload via "rndc reload fubar.com IN external" on the master, the
slave logs:

Sep 20 09:18:28 slave-dns named[4951]: client 68.143.210.80#32963: view external: received notify for zone 'fubar.com'
Sep 20 09:18:28 slave-dns named[4951]: zone fubar.com/IN/external: Transfer started.
Sep 20 09:18:28 slave-dns named[4951]: transfer of 'fubar.com/IN' from 68.143.210.80#53: connected using 68.143.211.2#37095
Sep 20 09:18:28 slave-dns named[4951]: zone fubar.com/IN/external: transferred serial 2007060415
Sep 20 09:18:28 slave-dns named[4951]: transfer of 'fubar.com/IN' from 68.143.210.80#53: end of transfer

If I increment the serial on the internal zone on the master and
reload via "rndc reload fubar.com IN internal" on the master, the
slave logs:

Sep 20 09:19:45 slave-dns named[4951]: client 68.143.210.80#32963: view external: received notify for zone 'fubar.com'
Sep 20 09:19:45 slave-dns named[4951]: zone fubar.com/IN/external: notify from 68.143.210.80#32963: zone is up to date
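
Added example (not part of the original post): a small Python model of how named selects a view by testing a packet's source address against each view's match-clients list in order, run over the ACLs and addresses quoted above. The function names are hypothetical, and the model covers source-address matching only (no TSIG keys, no match-destinations).

```python
import ipaddress

# View order and match-clients lists transcribed from the post's named.conf files.
MASTER_VIEWS = [
    ("internal", ["!68.143.211.2", "10.0.0.0/8", "68.143.211.0/16"]),
    ("external", ["any"]),
]
SLAVE_VIEWS = [
    ("internal", ["!68.143.210.80", "10.0.0.0/8", "68.143.211.0/16"]),
    ("external", ["any"]),
]


def acl_matches(acl, addr):
    """Address match list semantics: the first element that matches decides,
    and a match on a negated ("!") element is a rejection."""
    ip = ipaddress.ip_address(addr)
    for element in acl:
        negated = element.startswith("!")
        spec = element.lstrip("!")
        # strict=False lets Python accept 68.143.211.0/16, which has host bits set
        hit = spec == "any" or ip in ipaddress.ip_network(spec, strict=False)
        if hit:
            return not negated
    return False  # nothing matched: not in this list


def select_view(views, addr):
    """Return the first view, in configuration order, whose list accepts addr."""
    for name, acl in views:
        if acl_matches(acl, addr):
            return name
    return None


def trace():
    """Which view each message in the post's setup lands in."""
    return {
        # NOTIFY from the master's single address, as seen by the slave
        "notify 68.143.210.80 -> slave": select_view(SLAVE_VIEWS, "68.143.210.80"),
        # SOA query / transfer sent by the slave from each transfer-source
        "xfer 10.30.80.5 -> master": select_view(MASTER_VIEWS, "10.30.80.5"),
        "xfer 68.143.211.2 -> master": select_view(MASTER_VIEWS, "68.143.211.2"),
    }


if __name__ == "__main__":
    for message, view in trace().items():
        print(f"{message}: view {view}")
```

The slave-to-master direction separates cleanly because each transfer-source address falls in a different view on the master, while every NOTIFY comes from the master's one address and therefore always resolves to the same view on the slave, which is what both log excerpts show.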