special solution needed please

Mark Andrews marka at isc.org
Sun Dec 20 22:52:21 UTC 2020


Firstly, read your logs, they will most probably tell you what is going wrong.

Secondly, use TSIG between primary and secondary to select views for zone transfers.  It is much more reliable.

Thirdly, errors are almost always typos.  Using the documentation prefix hides these.  You are not writing documentation, you are asking for help with your system.  Show the real configuration details.

> On 20 Dec 2020, at 22:27, Walter H. <Walter.H at mathemainzel.info> wrote:
> 
> Hello,
> 
> I'm using BIND as a caching resolver and also an authoritative DNS server for a locally used '.home.arpa' domain;
> 
> I have two BINDs, one as a master and the other as a slave;
> also two views are used, because there are some zones
> 
> e.g. 100.168.192.in-addr.arpa  or some public zones that are 'rewritten' to be served by a local web server e.g.  msftncsi.com
> 
> they are only needed on one part of the LAN or are not wanted on the other part of the LAN
> 
> let's say the master has   2001:db8:0:0:0::10 and the slave has 2001:db8:0:0:0::1;
> 
> the named.conf looks like this:
> 
> acl part-common {         // this is the ACL for the common part, where some zones are not wanted
>   localhost;              // or shall this be at the other acl for special part?
>   2001:db8:0:0:0::1;      // I thought this would be a good idea
>   2001:db8:0:0:0::10;
>   !2001:db8:0:0:0::/80;     // not for the special part, but there are the DNS-servers itself, that are common to the complete LAN
>   2001:db8:0:0::/64;
> };
> 
> acl part-spcl {     // this is the ACL for special part of the lan, which has some extra zones, that are not wanted to be in the common part above;
>   !2001:db8:0:0:0::1;   // the reason above
>   !2001:db8:0:0:0::10;
>   2001:db8:0:0:0::/80;       // only the special part with some extra zones
> };
> 
> acl slave-dns-ip {
>   2001:db8:0:0:0::1;
> };
> 
> masters dns-master { 2001:db8:0:0:0::10; };
> 
> view "commonpart" {
>   match-clients { part-common; };
>   ...
>   include "lan.zones";
> };
> 
> view "spclpart" {
>   match-clients { part-spcl; };
>   ...
>   include "lan.zones";
>   include "extra.zones";     // here are the extra zones
> };
> 
> at the master the "lan.zones" looks like this:
> 
> zone "lan.home.arpa" IN {
>         type master;
>         notify yes;
>         file "named.zone-lan.home.arpa";
>         allow-transfer { slave-dns-ip; };
>         allow-update { none; };
> };
> 
> at the slave the "lan.zones" looks like this:
> 
> zone "lan.home.arpa" IN {
>         type slave;
>         masters { dns-master; };
>         file "slaves/named.zone-lan.home.arpa";
> };
> 
> and now the problem
> 
> when I modify 'named.zone-lan.home.arpa' and force the transfer to the slave - 'rndc reload',
> the test whether this works fails for clients from the special part explicitly asking the slave - why?

You haven't shown the slave's configuration.  You have only shown that of the zone lan.home.arpa.  The configuration is much more than that.

> nslookup  www.lan.home.arpa    2001:db8:0:0:0::1
> works only from clients not from the special part of the LAN,
> even though the zone is in both views ..., a complete restart of BIND resolves this, but this can't be, as this throws away the cached part in memory ...
> 
> nslookup  www.lan.home.arpa    2001:db8:0:0:0::10
> this works from any client
> 
> how can I face this?
> 
> any hints/suggestions would be great;
> 
> Thanks,
> Walter

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org
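The TSIG-based view selection Mark recommends, written out as an added configuration sketch; it is not from the thread or from ISC's documentation. With the address-based ACLs quoted above, the slave reaches the master from a single address for both of its views, and the master's NOTIFY reaches the slave from a single address, so on each side only one view can ever be selected for the transfer; a per-view key lets match-clients pick the view instead. The key names, the secret placeholders and the reuse of the thread's documentation-prefix addresses are assumptions.

```conf
// Put on BOTH servers; secrets are placeholders, generate real ones with tsig-keygen.
key "common-xfer" { algorithm hmac-sha256; secret "<base64-secret-1>"; };
key "spcl-xfer"   { algorithm hmac-sha256; secret "<base64-secret-2>"; };

// ---- master (2001:db8:0:0:0::10) ----
view "commonpart" {
  // A request signed with the other view's key must never fall into this view,
  // so its negation comes first; then this view's key; then the address ACL.
  match-clients { !key spcl-xfer; key common-xfer; part-common; };
  // Sign everything this view sends to the slave (NOTIFY included) with its key,
  // so the slave routes it to its own "commonpart" view.
  server 2001:db8:0:0:0::1 { keys { common-xfer; }; };
  // In lan.zones replace  allow-transfer { slave-dns-ip; }  with
  //                       allow-transfer { key common-xfer; }  for this view's copy.
  include "lan.zones";
};
view "spclpart" {
  match-clients { !key common-xfer; key spcl-xfer; part-spcl; };
  server 2001:db8:0:0:0::1 { keys { spcl-xfer; }; };
  include "lan.zones";      // allow-transfer { key spcl-xfer; }; here
  include "extra.zones";
};

// ---- slave (2001:db8:0:0:0::1) ----
view "commonpart" {
  match-clients { !key spcl-xfer; key common-xfer; part-common; };
  // SOA refresh queries and AXFR/IXFR from this view are signed with its key,
  // so the master answers them from its "commonpart" view.
  server 2001:db8:0:0:0::10 { keys { common-xfer; }; };
  include "lan.zones";      // masters { dns-master; }; stays unchanged
};
view "spclpart" {
  match-clients { !key common-xfer; key spcl-xfer; part-spcl; };
  server 2001:db8:0:0:0::10 { keys { spcl-xfer; }; };
  include "lan.zones";
  include "extra.zones";
};
```

After a change on the master, the slave's log should show a signed NOTIFY and a transfer for lan.home.arpa in each view separately; if only one view refreshes, the match-clients ordering on the receiving side is the first thing to check.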
