Shared dynamic zone on external view?

Nicolas C. bind at nryc.fr
Thu Nov 8 14:46:26 UTC 2012


On 08/11/2012 13:20, /dev/rob0 wrote:
> On Thu, Nov 08, 2012 at 09:23:05AM +1100, Mark Andrews wrote:
>> In message <509A8796.7060005 at nryc.fr>, "Nicolas C." writes:
>>> I have a dynamic zone on an external view, this zone is updated
>>> with a TSIG key from outside of our network. There is a secondary
>>> DNS server, also outside our network on which zones transfers are
>>> working fine with no key.
>>>
>>> We would like to make one of our internal DNS secondary for this
>>> zone and we have the "dynamic zone shared between views" problem.
>>> I tried to follow the FAQ but no luck so far.
>>>
>>> I'm not sure that what I'm trying to do is possible, can someone
>>> confirm this?
>>>
>>> Should I follow the FAQ and make my dynamic zone "master" on the
>>> "internal" view? That makes less sense to us because these are
>>> public zones, updated from the outside.
>>>
>>> This is my configuration:
>>>
>>> view "internal" {
>>>     match-clients {
>>>
>>>       !key external;
>>>       key shared;
>>>
>>>       <IPv4/IPv6 ranges including IPv4-of-my-DNS>
>>>     };
>>>
>>>     zone "<my_zone>" {
>>>       type slave;
>>>       file "db.shared-int";
>>>       masters { IPv4-of-my-DNS; };
>>
>> You need to force the internal zone to talk to the external zone.
>>
>> 	masters { IPv4-of-my-DNS key external; };
>
> Should not the master also have an "also-notify" to notify the
> internal zone as well? Or the zone might contain a bogus internal-
> only NS host, but that would seem less appropriate. If the notify
> received is only for the external view, the internal view will only
> update on elapsed SOA expire time.

Yes, it is specified in the FAQ and you can see it in my configuration 
below (also-notify { IPv4-of-my-DNS; };).

It's working now; I had some issues because the DNS server was 100% 
secondary, so notifications were disabled globally in "options". When it 
became master for this dynamic zone, it wasn't notifying the internal 
view on the secondary.

Enabling notifications or explicitly notifying the secondary solved the 
problem.

Regards,

Nicolas

>>>       transfer-source IPv4-of-my-DNS;
>>>     };
>>> };
>>>
>>> view "external" {
>>>
>>>     match-clients { !key shared; any; };
>>>     allow-transfer { IPv4-of-my-DNS; };
>>>     server IPv4-of-my-DNS { keys { shared; }; };
>>>
>>>     zone "<my_zone>" {
>>>       type master;
>>>       file "db.shared-ext";
>>>       notify yes;
>>>       also-notify { IPv4-of-my-DNS; };
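The complete configuration the thread converges on, written out as an added example (it is not the poster's file and not from the BIND documentation). The two TSIG keys, the `key external` on the masters line, the `server ... keys { shared; }` statement and the `also-notify` pointing at the server's own address are the elements discussed above; the addresses (192.0.2.53 standing in for IPv4-of-my-DNS, 198.51.100.2 for the outside secondary), the zone name `example.com`, the `hmac-sha256` algorithm, the secrets and the `allow-update` line are assumptions chosen for illustration.

```conf
# Added example, not the original poster's configuration.
# Placeholders: 192.0.2.53 = IPv4-of-my-DNS, 198.51.100.2 = outside
# secondary, example.com = <my_zone>. Secrets must be replaced.

# TSIG keys. "external" is presented by the outside updater and, in the
# trick below, by the internal view when it talks to the external view.
# "shared" is what the external view uses when it talks to itself.
key "external" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET";   # placeholder
};
key "shared" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET";   # placeholder
};

options {
    directory "/var/named";
    # The thread's failure mode: "notify no;" here on a server that had
    # only ever been a secondary, so the new master zone never notified.
    notify yes;
};

# Internal view: holds a slave copy of the public dynamic zone.
view "internal" {
    match-clients {
        !key external;    # requests signed with "external" go to the external view
        key shared;       # the external view's NOTIFY arrives signed with "shared"
        192.0.2.0/24;     # assumed internal range; must include 192.0.2.53 itself
    };

    zone "example.com" {
        type slave;
        file "db.shared-int";
        # Sign SOA/AXFR requests with "external" so that, arriving from
        # our own address, they are matched to the external view rather
        # than looping back into this one.
        masters { 192.0.2.53 key external; };
        transfer-source 192.0.2.53;
    };
};

# External view: master for the dynamic zone.
view "external" {
    match-clients { !key shared; any; };
    allow-transfer { 192.0.2.53; 198.51.100.2; };
    # Everything this view sends to 192.0.2.53 (the NOTIFY in
    # particular) is signed with "shared", which the internal view's
    # match-clients accepts.
    server 192.0.2.53 { keys { shared; }; };

    zone "example.com" {
        type master;
        file "db.shared-ext";
        allow-update { key external; };   # assumed: TSIG-signed updates from outside
        notify yes;
        also-notify { 192.0.2.53; };      # our own address, reaching the internal view
    };
};
```

Check the file with `named-checkconf -z /etc/named.conf` before reloading; a view-to-view NOTIFY that is not signed, or a masters entry without `key external`, will pass the syntax check but reproduce the silent non-update the thread describes, which shows up as the internal copy only refreshing when the SOA refresh or expire timer fires.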