<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
Hi<br>
<br>
I've a BIND setup with my ISP with two views, one external and one
internal. At the same time I also need to be able to do a dynamic
update from some addresses within the internal range. This worked ok
before I had to define my two views. <br>
<br>
I'd be very grateful if someone could suggest what I'm doing wrong.
My ISP is running BIND 9.11.4.<br>
<br>
Due to the ISP's need to have control over the BIND setup I'm just
allowed to add my config via include files.<br>
<br>
<br>
<p class="MsoNormal"><span lang="EN-US">Zones.mydomains.config file
contains:<br>
</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> </span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US">include "keys/mydomains-keys.conf";</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US">include "keys/zone1-keys.conf";</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US">include "keys/zone2-keys.conf";</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> </span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US">acl external { 10.222.33.0/18; 10.222.44.0/18; };</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US">acl internal { 10.11.0.0/16; 10.12.0.0/16; };</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> </span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US">//////</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US">// zone1 and zone2 keys used to ensure correct zone
transfer from slave</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US">//////</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> </span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US">view "external-sites" {</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> match-clients { !key zone2.key; key zone1.key;
external; };</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> </span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US">
</span><span style="font-size:11.0pt;font-family:"Courier
New"">zone "aa.example.net" {</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New"">
type master;</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> file "zones.master/aa-view1.example.net";</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> notify explicit;</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> also-notify { 10.12.143.56 key zone1.key;
};</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> update-policy {</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> grant "ext-update.key." name
web.aa.example.net. CNAME;</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> };</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> };</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> </span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> include "zones.common.config.view1";</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> </span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US">}; // End view "external-sites"</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> </span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US">view "internal-sites" {</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> match-clients { !key zone1.key; key zone2.key;
internal; localhost; };</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> </span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> zone "aa.example.net" {</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> type master;</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> file "zones.master/aa-view2.example.net";</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> notify explicit;</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> also-notify { 10.12.143.56 key zone2.key;
};</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> update-policy {</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> grant "int-update.key." name
web.aa.example.net. CNAME;</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> };</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> };</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> </span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> include "zones.common.config.view2";</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> </span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US">}; // End view "grus-zone2"</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> </span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> </span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> </span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US">view "default" {</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> match-clients { any; };
</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> </span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> include "zones.common.config.view2";</span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New""
lang="EN-US"> </span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Courier New"">};
// End view "default"</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal">mydomains-keys.conf file contains:</p>
<p class="MsoNormal"> </p>
<p style="margin:0cm;margin-bottom:.0001pt"><font size="-2"
face="Courier New"><span style="font-size: 11pt;" lang="EN-US">key
ext-update.key. {</span></font></p>
<font size="-2" face="Courier New">
</font>
<p style="margin:0cm;margin-bottom:.0001pt"><font size="-2"
face="Courier New"><span style="font-size: 11pt;" lang="EN-US">
algorithm HMAC-SHA512;</span></font></p>
<font size="-2" face="Courier New">
</font>
<p style="margin:0cm;margin-bottom:.0001pt"><font size="-2"
face="Courier New"><span style="font-size: 11pt;" lang="EN-US">
secret "secret2";</span></font></p>
<font size="-2" face="Courier New">
</font>
<p style="margin:0cm;margin-bottom:.0001pt"><font size="-2"
face="Courier New"><span style="font-size: 11pt;" lang="EN-US">};</span></font></p>
<font size="-2" face="Courier New">
</font>
<p style="margin:0cm;margin-bottom:.0001pt"><font size="-2"
face="Courier New"><span style="font-size: 11pt;" lang="EN-US"> </span></font></p>
<font size="-2" face="Courier New">
</font>
<p style="margin:0cm;margin-bottom:.0001pt"><font size="-2"
face="Courier New"><span style="font-size: 11pt;" lang="EN-US">key
int-update.key. {</span></font></p>
<font size="-2" face="Courier New">
</font>
<p style="margin:0cm;margin-bottom:.0001pt"><font size="-2"
face="Courier New"><span style="font-size: 11pt;" lang="EN-US">
algorithm HMAC-SHA512;</span></font></p>
<font size="-2" face="Courier New">
</font>
<p style="margin:0cm;margin-bottom:.0001pt"><font size="-2"
face="Courier New"><span style="font-size: 11pt;" lang="EN-US">
secret "secret3";</span></font></p>
<font size="-2" face="Courier New">
</font>
<p style="margin:0cm;margin-bottom:.0001pt"><font size="-2"
face="Courier New"><span style="font-size: 11pt;" lang="EN-US">};</span></font></p>
<font size="-2">
</font>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">Error message in
/var/log/named/named.log is:<br>
</span></p>
<p class="MsoNormal"><br>
</p>
<p class="MsoNormal"><font face="Courier New"><span lang="EN-US">10-Jul-2020
13:27:14.695 update: info: client @0x7f0a200a9b30
10.124.15.148#64606/key arc-zone2.key: view grus-zone2:
updating zone 'pacs.telenor.net/IN': update failed: rejected
by secure update (REFUSED)</span></font></p>
<font face="Courier New">
</font>
<p class="MsoNormal"><font face="Courier New"><span lang="EN-US">10-Jul-2020
13:28:13.883 update: info: client @0x7f0a200a9b30
10.124.15.148#64606/key arc-zone2.key: view grus-zone2:
updating zone 'pacs.telenor.net/IN': update failed: rejected
by secure update (REFUSED)</span></font></p>
<font face="Courier New">
</font>
<p class="MsoNormal"><font face="Courier New"><span lang="EN-US"> </span></font></p>
<p class="MsoNormal"><span lang="EN-US"></span></p>
<p class="MsoNormal"><span lang="EN-US"><br>
</span></p>
<pre class="moz-signature" cols="72">--
Best regards,
Per Weisteen
</pre>
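An added diagnostic example, not part of the original post and not code from BIND: `update-policy` matches the name of the TSIG key that signed the update, so the key named in a "rejected by secure update" log line has to appear as a grant identity in the view that handled the request. The config and log line below are constructed from the post's placeholder names; `parse_grants`, `diagnose` and the line-based parsing (no comments, no nested includes) are assumptions of this sketch.

```python
import re

# Constructed sample: the post's update-policy grants reduced to the relevant
# parts, and one log line rewritten to use the same placeholder names.
CONF = '''
view "external-sites" {
  zone "aa.example.net" { update-policy {
    grant "ext-update.key." name web.aa.example.net. CNAME; }; };
};
view "internal-sites" {
  zone "aa.example.net" { update-policy {
    grant "int-update.key." name web.aa.example.net. CNAME; }; };
};
'''
LOG = ("10-Jul-2020 13:27:14.695 update: info: client @0x7f0a200a9b30 "
       "10.11.15.148#64606/key zone2.key: view internal-sites: updating zone "
       "'aa.example.net/IN': update failed: rejected by secure update (REFUSED)")

REJECT = re.compile(r"client (?:@\S+ )?(\S+)#\d+/key (\S+): view (\S+): "
                    r"updating zone '([^'/]+)/IN': update failed: rejected by secure update")
GRANT = re.compile(r'grant\s+"?([^\s";]+)"?\s')

def norm(name):  # key and zone names are DNS names: case-insensitive, trailing dot optional
    return name.lower().rstrip(".")

def parse_grants(conf):
    """Map (view, zone) to the set of key identities granted by update-policy."""
    grants, view, zone = {}, None, None
    for line in conf.splitlines():
        m = re.search(r'\bview\s+"([^"]+)"', line)
        if m: view = m.group(1)
        m = re.search(r'\bzone\s+"([^"]+)"', line)
        if m: zone = norm(m.group(1))
        for g in GRANT.finditer(line):
            grants.setdefault((view, zone), set()).add(norm(g.group(1)))
    return grants

def diagnose(log_line, grants):
    """Return (signing key, granted keys, verdict) for a rejected update, else None."""
    m = REJECT.search(log_line)
    if not m: return None
    _client, key, view, zone = m.groups()
    allowed = grants.get((view, norm(zone)))
    if allowed is None:
        verdict = "no update-policy for this zone in the matched view"
    elif norm(key) in allowed:
        verdict = "key is granted; check rule type, name and record type"
    else:
        verdict = "signing key is not an identity in this view's update-policy"
    return norm(key), sorted(allowed or []), verdict
```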
</body>
</html>