problem with notifies to secondary when both servers have internal IPs

Chris Buxton cbuxton at menandmice.com
Wed Sep 17 18:30:40 UTC 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ignoring the mention of views and private namespace, the issue is how  
to get notify working between two servers that can't talk to each  
other through their public addresses, because the NAT server doesn't  
support that. (Bad NAT server, IMO, but that doesn't really answer the  
question.)

The answer is to use this:

also-notify { 172.16.0.1; };
notify expicit;

Put those in your options statement on the master server. The second  
one disables the automatic determination of who to notify. The first  
adds the specified list of slave servers. Taken together, they replace  
the default behavior with this specified list of addresses.

You can leave off the second statement if you also have outside slaves  
and want to automatically notify them. Your master would then try to  
notify the internal slave through both public and private addresses,  
and the one to the public address would simply fail - possibly no big  
deal.

Chris Buxton
Professional Services
Men & Mice

On Sep 17, 2008, at 11:11 AM, Michael Varre wrote:

> I used to have my servers setup with views to handle internal  
> queries and
> external queries respectively.  I've since gotten rid of the  
> internal view,
> and setup to new internal ONLY bind server that works beautifually and
> answers only to internal devices.  no public access is available to  
> this
> server and it primarily answers with private 172/192 addresses.
> All my servers are benind a firewall and are accessed from the  
> outside using
> static nat routes.  so the public IP is on the FW, and all servers,
> including all bind servers have 172 addresses.
>
> I'm now trying to button up my new ns1/ns2 bind servers that will be
> answering queries from the outside world.  answers from this box  
> will be
> public IPs, not the 172/192's.
>
> My problem is, because my nameserver name resolves to one ip from the
> outside (public ip), and another ip from the inside (private ip),  
> how am i
> supposed to get notifies working as it is attempting to use the  
> resolved
> name it already hosts....and in the case of the ns1/ns2 for public  
> use, it
> resolves to the public address, for which it of course cannot  
> communicate
> with because they are each on the same private lan.
>
> I hope i explained this in a way that everyone can understand.
>
> Thanks!
>
>
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAkjRTNAACgkQ0p/8Jp6Boi07pACeMoW0sQ0BCrCO41Tza5vxUkOd
EUYAn3BIZGxj/OGw7lDbgxSRr676jTjN
=0E7O
-----END PGP SIGNATURE-----

More information about the bind-users mailing list