RE: BIND problem

Bill Gradwohl wrote:
> bind 9-2-3 was running just fine on two name servers (master
> NS1 & slave NS2) until I implemented split DNS using "views".
> 
> I've got about 30 zones, but I'll only present one.
> Here is the portion of my master named.conf that's of interest.
> 
> view "private" {
>    match-clients { 192.168.168.0/24; 127.0.0.0/8; 66.80.98.192/28; };
>    recursion yes;
>    zone "ycc.com" IN {
>       type master;
>       notify explicit;

According to the named.conf docs... The notify parameter should be either yes
or no. Do you see any errors logged when named starts?

>       also-notify { 192.168.168.146; };

If 192.168.168.146 is a listed name server (NS) within the zone, the
also-notify is really not needed.
 
>       file "zone/privateycc.com";
>       # Allow the slave to transfer and inquire.
>       allow-transfer { 192.168.168.146; 192.168.168.211;
>                        192.168.168.54; };
>       allow-query { internals; };
>    };
> };

I take it you have previously defined an ACL named internals? E.g., relevant
parts from my named.conf file:

acl "trusted-nets" {
        192.168.8.0/22;
        127.0.0.1;
};

acl "xfer-int" {
        192.168.9.3; 
}; 
 
acl "xfer-ext" {
        xx.xx.xx.xx;   // Public Slave Server
        xx.xx.xx.xx;   // Public Slave Server
};

// Global Options
options {
        directory "/var/named";
        pid-file "/var/run/named/named.pid";
        statistics-file "/var/log/named/named.stats";
        dump-file "/var/log/named/named.dump";
        zone-statistics yes;
 
        listen-on { 127.0.0.1 ; 192.168.8.2; };
        
        notify no;
        transfer-format many-answers;
        max-transfer-time-in 60;
        interface-interval 0;
 
        allow-transfer {
             xfer-int;
             xfer-ext;
        };
        allow-query {
             trusted-nets;
        };
};

view "internal" in {
        match-clients { trusted-nets; };
        recursion yes;
        
        additional-from-auth yes;
        additional-from-cache yes;
        
        zone "mydomain.com" in {
            type master;                 // Zone is a master
            notify yes;                  // Send notifies?
            file "int/db.mydomain";      // Load zone file
        };
};

view "external" in { 
        match-clients { any; };
        recursion no;
         
        additional-from-auth no; 
        additional-from-cache no;

        zone "mydomain.com" in {
            type master;                 // Zone is a master
            notify yes;                  // Send notifies?
            allow-query { any; };        // Allow anyone to query zone 
            file "ext/db.mydomain";      // Load zone file
        };
};

-- 
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
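
The question in the reply above, whether the "internals" ACL referenced by allow-query is actually defined, can be checked mechanically. The following Python sketch is an added example, not part of the original message or of BIND; the function name undefined_acls and the sample configuration are constructed for illustration, and it assumes flat (non-nested) address match lists.

```python
import ipaddress
import re

# ACL names that BIND defines itself
BUILTIN_ACLS = {"any", "none", "localhost", "localnets"}
# Statements whose braces hold an address match list (subset, for illustration)
ACL_STATEMENTS = ("match-clients", "allow-query", "allow-transfer", "allow-recursion")

def strip_comments(text):
    """Remove /* */, // and # comments from named.conf text."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def is_address(token):
    """True if the token is an IP address or CIDR prefix."""
    try:
        ipaddress.ip_network(token, strict=False)
        return True
    except ValueError:
        return False

def undefined_acls(conf):
    """Return (statement, name) pairs that reference an ACL with no acl {} block."""
    conf = strip_comments(conf)
    defined = set(re.findall(r'\bacl\s+"?([\w.-]+)"?\s*\{', conf))
    missing = []
    pattern = r"\b(%s)\s*\{([^{}]*)\}" % "|".join(ACL_STATEMENTS)
    for stmt, body in re.findall(pattern, conf):
        for element in body.split(";"):
            name = element.strip().lstrip("!").strip().strip('"')
            if not name or name.startswith("key ") or is_address(name):
                continue
            if name not in BUILTIN_ACLS | defined and (stmt, name) not in missing:
                missing.append((stmt, name))
    return missing

# Constructed sample modelled on the quoted view: "internals" is never defined.
SAMPLE_CONF = '''
acl "trusted-nets" { 192.168.8.0/22; 127.0.0.1; };
view "private" {
   match-clients { 192.168.168.0/24; 127.0.0.0/8; trusted-nets; };
   zone "ycc.com" IN {
      type master;
      # Allow the slave to transfer and inquire.
      allow-transfer { 192.168.168.146; 192.168.168.211; };
      allow-query { internals; };
   };
};
'''

if __name__ == "__main__":
    for stmt, name in undefined_acls(SAMPLE_CONF):
        print("%s references undefined ACL %r" % (stmt, name))
```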
