Need assistance with configuring external zone on a 2nd CentOS 7 bind v9.4.4 dns slave

William Clarke wclarke at simons-rock.edu
Wed Apr 8 17:23:19 UTC 2015


WOW!!! Thank you so much Barry... external zone is now transferring. 
Thank you thank you thank you...

William Clarke
ITS System Administrator
Bard College at Simon's Rock
84 Alford Road
Great Barrington, MA  01230
(413) 528-7428 (voice)
(413) 528-7405 (fax)
wclarke at simons-rock.edu

On 4/8/2015 12:26 PM, Barry Margolin wrote:
> In article <mailman.1916.1428507901.26362.bind-users at lists.isc.org>,
>   William Clarke <wclarke at simons-rock.edu> wrote:
>
>> Barry,
>>
>> Thank you. I appreciate your response Barry. I'm fairly new to Bind and
>> DNS and have gotten a bit lost. Is there any way you can provide a
>> little more information for me? Am I not correct in saying that I'm
>> already using TSIG keys in the include lines?
> You need to use the TSIG key in the "match-clients" clause so it will be
> used to select the appropriate view.
>
> view "internal" {
>     match-clients { !key slave-external; !192.168.1.4; 10.0.0.0/8; 192.168.0.0/16; 127.0.0.0/8; };
>     allow-transfer { key slave-internal; };
>     ...
> };
> view "external" {
>     match-clients { any; };
>     allow-transfer { key slave-external; };
>     ...
> };
>
>> ------------------------------------------------------------
>> view "external" {
>>           match-clients { any; };
>>           allow-transfer { key slave-external; };
>> ....
>> ...
>> ..
>> include "/etc/rndc.key";
>> include "/etc/transfer-internal.key";
>> include "/etc/transfer-external.key";
>> ------------------------------------------------------------
>>
>> /var/named/chroot/etc/transfer-external.key
>> key "slave-external" {
>>           algorithm       hmac-md5;
>>           secret          "blahblahblahblahblah";
>> };
>>
>> Thanks,
>>
>> William Clarke
>> ITS System Administrator
>> Bard College at Simon's Rock
>> 84 Alford Road
>> Great Barrington, MA  01230
>> (413) 528-7428 (voice)
>> (413) 528-7405 (fax)
>> wclarke at simons-rock.edu
>>
>> On 4/8/2015 10:54 AM, Barry Margolin wrote:
>>> In article <mailman.1910.1428503936.26362.bind-users at lists.isc.org>,
>>>    William Clarke <wclarke at simons-rock.edu> wrote:
>>>
>>>> Resending because the message was over 40K... I removed most of the
>>>> internal\external zones and logs to shorten the message.
>>>> We have a split DNS chrooted master\slave setup running on CentOS 5.11.
>>>> I have 3 named.conf files below, Working master, working slave and a new
>>>> CentOS 7 non-working slave that I'm trying to spin up. The internal
>>>> zones do get transferred\updated however the external zones aren't
>>>> transferring at all, the master doesn't even have any mentioning of
>>>> external transfers for this specific slave. I have a hunch that this is
>>>> either happening because I don't have multiple network adapters
>>>> configured ie split DNS for slave or possibly a hostname issue. I tried
>>>> to basically mirror the setup of my new slave all except the ip address.
>>>> My new slave is 192.168.1.224. The instructions I followed to set this
>>>> up was from:
>>>> http://www.ehowstuff.com/how-to-setup-bind-chroot-dns-server-on-centos-7-0-vps/
>>> Since the new slave only has one address, you can't use the IP to
>>> distinguish which view should be sent in a zone transfer. You need to
>>> use TSIG keys.
>>>
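
Added example, not part of the original thread: a small Python model of the view selection described in the reply above, showing why a transfer request from the single-address slave 192.168.1.224 only reaches the "external" view once `!key slave-external` leads the internal view's match-clients list. The function names and the IP-only list are constructed for illustration, 203.0.113.10 is a documentation address, and the model assumes the TSIG signature on the request has already been verified.

```python
import ipaddress

def acl_match(acl, src_ip, tsig_key):
    """Evaluate an address match list: the first matching element decides.
    Returns True (accept), False (negated match) or None (nothing matched)."""
    ip = ipaddress.ip_address(src_ip)
    for elem in acl:
        negate = elem.startswith("!")
        body = elem.lstrip("!").strip()
        if body == "any":
            hit = True
        elif body.startswith("key "):
            # A key element matches when the request is signed with that key.
            hit = tsig_key == body[4:].strip()
        else:
            hit = ip in ipaddress.ip_network(body)
        if hit:
            return not negate
    return None

def select_view(views, src_ip, tsig_key=None):
    """Views are tried in configuration order; the first one whose
    match-clients list accepts the request is used."""
    for name, match_clients in views:
        if acl_match(match_clients, src_ip, tsig_key):
            return name
    return None

# match-clients lists as given in the reply above.
VIEWS_WITH_KEY = [
    ("internal", ["!key slave-external", "!192.168.1.4", "10.0.0.0/8",
                  "192.168.0.0/16", "127.0.0.0/8"]),
    ("external", ["any"]),
]
# Constructed contrast: the same lists with the key element dropped,
# i.e. views distinguished by source address only.
VIEWS_IP_ONLY = [("internal", VIEWS_WITH_KEY[0][1][1:]), VIEWS_WITH_KEY[1]]

NEW_SLAVE = "192.168.1.224"

if __name__ == "__main__":
    for label, views in (("ip-only", VIEWS_IP_ONLY), ("with key", VIEWS_WITH_KEY)):
        for key in ("slave-internal", "slave-external"):
            print(label, key, "->", select_view(views, NEW_SLAVE, key))
```

The model only covers the master's side: the slave's request carries a key only if the slave's own configuration names that key for the master, for example in a `server` or `masters` clause inside each view.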
