View selection via TSIG

Mark Andrews marka at isc.org
Wed Aug 19 23:30:27 UTC 2009


In message <6913B169-0B0E-42E0-BC30-92D188036688 at tcbug.org>, Josh Paetzel writes:
> 
> On Aug 19, 2009, at 11:07 AM, Kirk wrote:
> 
> >
> >> logging {
> >>        channel my_log {
> >>                file "/var/log/bind/named.log" versions 3 size 5m;
> >>                severity warning;
> >>                print-time yes;
> >>                print-severity yes;
> >>                print-category yes;
> >>        };
> >>        category "notify" {
> >>                my_log;
> >>        };
> >> };
> >> I've changed the category to default to make sure that it can log  
> >> that and it can.
> >> Thanks,
> >> Josh Paetzel
> >
> > Josh,
> >
> > I can't answer your question about views, but here are the pertinent
> > logging statements I am using, and they seem to work.
> >
> > channel "notify" {
> > 	file "logs/notify_log" versions 2 size 1m;
> > 	print-time yes;
> > 	};
> > category "notify" { notify; };
> >
> > If you are running chroot you might wanna verify that named can log  
> > to the directory you listed in your logging statement.
> >
> 
> 
> Thanks.  That worked, and I was quickly able to see what I was doing
> wrong.  My primary nameserver was matching an IP in one of the
> views.  So all the notifies were seen by the slave as being in that one
> view.  IPs override keys.

ACL matches are order sensitive.  The !key is in the examples to prevent
the signed message matching the view and moving onto the next one.
 
> Issue solved, thanks everyone who helped.
> 
> Thanks,
> 
> Josh Paetzel
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
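
Added example (not part of the original thread or of Mark Andrews's message): a slave's named.conf with two views, showing the order-sensitive match-clients lists discussed above, with the ordering that caused the problem kept as a comment beside the corrected one. The key name, secret, addresses, zone name and file paths are constructed placeholders.

```conf
// Constructed example: slave at 10.0.0.2, master at 10.0.0.1.
// Key name, secret, addresses and zone names are placeholders.
key "external-xfer" {
    algorithm hmac-sha256;
    secret "<base64-secret-placeholder>";
};

// WEAK ordering (the situation in the thread): the master's IP is in
// the first view's list, so every NOTIFY from 10.0.0.1, signed or not,
// matches "internal" and the key in "external" is never consulted.
//
// view "internal" { match-clients { 10.0.0.0/24; }; ... };
// view "external" { match-clients { key external-xfer; any; }; ... };

// CORRECTED: elements are tried in order and the first match decides.
// A negated element that matches rejects the client for this view,
// so a message signed with external-xfer falls through to "external".
view "internal" {
    match-clients { !key external-xfer; 10.0.0.0/24; };
    zone "example.com" {
        type slave;
        masters { 10.0.0.1; };
        file "slave/internal/example.com.db";
    };
};

view "external" {
    match-clients { key external-xfer; any; };
    // Sign requests this view sends to the master so the master
    // can select its own external view from the key.
    server 10.0.0.1 { keys { external-xfer; }; };
    zone "example.com" {
        type slave;
        masters { 10.0.0.1; };
        file "slave/external/example.com.db";
    };
};
```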


