Question on query-source, transfer-source, notify-source

Chris Buxton chris.p.buxton at gmail.com
Thu Jul 29 03:12:04 UTC 2010


Why do you need 3 DNS interfaces on one box? Why do you need the extra
interface?

Perhaps you could simplify, or split the three addresses across
multiple hosts, or even run multiple instances of named on each box.

Regards,
Chris

On 7/28/10, Barry Finkel <b19141 at anl.gov> wrote:
> I have a BIND config question.  First some history.
>
> My initial two DNS servers (A and B) had three NICs and three IP
> addresses.  Then I installed two additional servers (C and D),
> each with one NIC; each server has one base address and one DNS address.
> All four servers run Solaris.  When I installed C and D, I placed in
> the config file
>
>      query-source address <dns-address>;
>      transfer-source <dns-address>;
>      notify-source <dns-address>;
>
> Then we changed servers A and B to new hardware, and we have in
> addition to the three NICs each, a base, non-DNS address for each.
> We made no config file changes, and no users have reported problems.
> These "new" servers A and B have been running for a few years.
>
> Now, I am converting all four servers to an Ubuntu platform, and I am
> revisiting the config file.  In looking through various firewall and
> DNS query logs, I see that machines A and B are using the non-DNS
> address for DNS activity.  A and B are sending queries to the Internet
> and queries to the hidden BIND master via the non-DNS addresses.
> The Internet queries are being blocked at the firewall because we do
> not allow non-registered DNS addresses to send DNS queries to the
> Internet, and the non-DNS addresses have no firewall conduits.
> I can add three options directives above, as I have done on servers
> C and D, but the ARM seems to imply that I can list only one address
> in each directive, and I have three DNS addresses for each server.
>
> The BIND is 9.7.x on all machines.  Does anyone have suggestions?
> Thanks.
> ----------------------------------------------------------------------
> Barry S. Finkel
> Computing and Information Systems Division
> Argonne National Laboratory          Phone:    +1 (630) 252-7277
> 9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
> Building 240, Room 5.B.8             Internet: BSFinkel at anl.gov
> Argonne, IL   60439-4828             IBMMAIL:  I1004994
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>

-- 
Sent from my mobile device
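
An added example, not part of either message and not ISC code: a small audit of a named.conf options block that reports, for each of the three directives in the quoted question, whether outbound traffic is pinned to a registered DNS address. The sample config, the 192.0.2.x addresses and the function names are constructed for illustration; it assumes a single IPv4 options block with no per-view or per-zone overrides.

```python
import re

# Directives that choose the source address of outbound DNS traffic.
DIRECTIVES = ("query-source", "transfer-source", "notify-source")

# Constructed sample: three DNS addresses plus a base address 192.0.2.10.
SAMPLE_CONF = """
options {
    listen-on { 192.0.2.53; 192.0.2.54; 192.0.2.55; };
    // query-source address 192.0.2.53;
    transfer-source 192.0.2.10;   # base (non-DNS) address
    notify-source 192.0.2.53;
};
"""

def strip_comments(text):
    """Remove /* */, // and # comments so disabled lines are not counted."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def audit_sources(conf_text, registered):
    """Return {directive: finding} for each outbound-source directive."""
    conf = strip_comments(conf_text)
    findings = {}
    for d in DIRECTIVES:
        # The lookbehind skips names such as use-alt-transfer-source.
        m = re.search(r"(?<![\w-])" + d + r"\s+(?:address\s+)?([^\s;]+)", conf)
        if m is None:
            findings[d] = "unset: OS routing picks the source address"
        elif m.group(1) in ("*", "port"):
            findings[d] = "wildcard: OS routing picks the source address"
        elif m.group(1) not in registered:
            findings[d] = "pinned to unregistered address " + m.group(1)
        else:
            findings[d] = "ok"
    return findings

if __name__ == "__main__":
    dns_addrs = {"192.0.2.53", "192.0.2.54", "192.0.2.55"}
    for name, finding in audit_sources(SAMPLE_CONF, dns_addrs).items():
        print(f"{name:16} {finding}")
```

Any directive reported as unset or wildcard is a candidate for the firewall drops described in the question, because the source address then depends on the host's routing rather than on the configuration.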


