Named group of servers, to use it in a zone statement

POULET Benoit Benoit.Poulet at eolas.fr
Wed Nov 19 12:47:34 UTC 2025 

Hi Colin,

Can I add the that the problem is present on a secondary, in the "primaries" parameter :

remote-servers primaries-server-list {
  10.64.1.46;
};

zone "64.10.in-addr.arpa" {
        type secondary;
        file "/var/cache/bind/internal/64.10.in-addr-arpa.db";
        primaries {
              primaries-server-list key internal-key;
        };
};

named-checkconf
/etc/bind/zones.reverse.internal.conf:5: unexpected token 'internal-key'


Regards.

________________________________
De: Colin Vidal <colin at isc.org>
Envoyé: Mercredi 19 novembre 2025 11:47
À: Anand Buddhdev <anandb at ripe.net>; POULET Benoit <Benoit.Poulet at eolas.fr>; bind-users at lists.isc.org <bind-users at lists.isc.org>
Objet: Re: Named group of servers, to use it in a zone statement

[Vous ne recevez pas souvent de courriers de colin at isc.org. Découvrez pourquoi ceci est important à https://aka.ms/LearnAboutSenderIdentification ]

Hi Benoit, Anand,

Using `primaries` instead of `remote-servers` does not solves the
problem for me here (I tried on 9.18, 9.20 and the development branch).
Note that `primaries` and `remote-servers` are essentially synonyms;
see https://bind9.readthedocs.io/en/stable/changelog.html#id25

It sounds like a bug.
https://gitlab.isc.org/isc-projects/bind9/-/issues/5646

In meantime the key can be defined per-IP address, although it's not
convenient:

        remote-servers secondaries-server-list {
          10.64.1.43 key internal-key;
          10.64.1.44 key internal-key;
          10.128.37.66 key internal-key;
          10.128.37.67 key internal-key;
        };

Regards,
Colin Vidal

On Wed, 2025-11-19 at 14:23 +0530, Anand Buddhdev wrote:
> On 19/11/2025 14:08, POULET Benoit wrote:
>
> Hi Benoit,
>
> > Do you know if we can set a named group of servers to use it in a
> > zone statement ?
>
> Yes, you can.
>
> > The goal is to do something like this to notify the secondaries,
> > this way I can set only one time my IPs and call them by the name
> > in the zone
> > statement :
> >
> > remote-servers secondaries-server-list {
>
> Use the keyword "primaries" instead of "remote-servers".
>
> >    10.64.1.43;
> >    10.64.1.44;
> >    10.128.37.66;
> >    10.128.37.67;
> > };
>
> Regards,
> Anand
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20251119/1f811cb2/attachment.htm>

More information about the bind-users mailing list