View selection via TSIG
marka at isc.org
Tue Aug 18 04:08:01 UTC 2009
In message <96123FB1-1F2E-493C-BBB8-24A86A1DD99A at tcbug.org>, Josh Paetzel write
> On Aug 16, 2009, at 12:26 AM, Mark Andrews wrote:
> > In message <5EA10B89-4650-4F82-A41D-CB511CE2A9A9 at tcbug.org>, Josh
> > Paetzel write
> > s:
> >> I've googled a bit and been unable to find the solution that I need.
> >> I have a master nameserver that has 4 views configured. I have a
> >> slave for this that is currently using 4 IPs to slave the views.
> >> This
> >> works fairly well, except that the slave server is unable to handle
> >> NOTIFY from the master. So when I do an update to a zone I have to
> >> stop the slave, delete it's cache files, and restart it. The slave
> >> is
> >> able to properly load zones, since it uses the correct IPs to
> >> transfer
> >> the zones, and it gets the right views, all is well.
> >> I've read that BIND 9.3 can use TSIG for view selection, but all I've
> >> ben able to find is using TSIG for one view, and no TSIG for the
> >> other
> >> view. What I would like to do is configure four separate TSIG keys
> >> and do view selection based on which key is used.
> >> Is this possible? And where can I find documentation on it?
> > Yes. Read the FAQ.
> I read the FAQ, and there was a question entitled "How to share a
> dynamic zone between multiple views?" that seemed to get me most of
> the way there. I am now running my slave nameserver on one IP, and
> zones transfers seem to work fine. NOTIFY also seems to work for
> every view but the external view. This is somewhat perplexing to me.
> Tomorrow I plan on turning on logging for NOTIFY to see if I can at
> least determine what is going on.
> If you have any tips or common gotchas feel free to let me know.
> Josh Paetzel
You need to make the notify go to the correct view by using
appropriate server clauses at the view level. It's a matter
of making what the master sends match what the client expects.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users