Bind 9 View problem

Does anyone have views working that's willing to share their named.conf
file? I must have something hosed up, but I can't find it.

On the master server, I have views working fine. The problem is that the
slave server does the zone transfers incorrectly, but in a very strange
fashion.

If I erase the slave server's zone files to force a zone transfer, and start
named on that box, I see the zone files I'm expecting, but their contents
are all private data. The files holding public IPs on the master hold the
private IPs on the slave.

Here's a section of the master's named.conf on 192.168.168.144:
view "private" {
   match-clients { 192.168.168.0/24; 127.0.0.0/8; 66.80.98.192/28; };
   recursion yes;
   zone "trophyclubhome.com" IN {
      type master;
      notify explicit;
      also-notify { 192.168.168.146; };
      file "zone/privatetrophyclubhome.com";
      # Allow the slave to transfer and inquire.
      allow-transfer   { 192.168.168.146; };
      allow-query { internals; };
   };
};

view "public" {
   match-clients { any; };
   recursion no;
   zone "trophyclubhome.com" IN {
      type master;
      notify explicit;
      also-notify { 192.168.168.146; };
      file "zone/trophyclubhome.com";
      # Allow the slave to transfer and inquire.
      allow-transfer   { 192.168.168.146; };
      allow-query { any; };
   };
};

Note that the file trophyclubhome.com contains only public IP addresses and
the file privatetrophyclubhome.com only contains private IP addresses.

Here's the slave server's (192.168.168.146) equivalent section of the
named.conf file:

view "private" {
   match-clients { 192.168.168.0/24; 127.0.0.0/8; 66.80.98.192/28; };
   recursion yes;
   zone "trophyclubhome.com" IN {
      type slave;
      notify no;
      masters { 192.168.168.144; };
      file "zone/privatetrophyclubhome.com";
      # Allow the slave to transfer and inquire.
      allow-transfer   { 192.168.168.211; };
      allow-query { internals; };
   };
};

view "public" {
   match-clients { any; };
   recursion no;
   zone "trophyclubhome.com" IN {
      type slave;
      notify no;
      masters { 192.168.168.144; };
      file "zone/trophyclubhome.com";
      # Allow the slave to transfer and inquire.
      allow-transfer   { 192.168.168.211; };
      allow-query { any; };
   };
};

I believe the problem has to do with the fact that when the slave asks for a
zone transfer, it's coming from a "private" IP address (192.168.168.146) and
consequently the master only sends over private content, even for the public
zone files. No matter what the slave asks for, since the request comes from
a private IP address, the master only sends private data.

On the slave, the file trophyclubhome.com contains private IP addresses and
privatetrophyclubhome.com contains private IP addresses. No file contains
public IP addresses, and that's the problem. 

How is a slave server sitting on a private IP address ever supposed to get
zone transfers of public IPs? What's wrong with my config?


-- 
Bill Gradwohl
YCC
(817) 224-9400 x211
www.ycc.com 
SPAMstomper Protected E-mail
www.stomperware.com 



-- 
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
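
Added example, not part of the original post: a small Python model of how named picks a view for an incoming request (views are tried in order, and within a match-clients list the first matching element decides), run against the master's match-clients lists quoted above. It also goes one step beyond the post by modelling a "key" element in match-clients; the key name xfer-public, the KEYED variant and the address 203.0.113.9 are assumptions made for illustration.

```python
import ipaddress

def acl_matches(acl, src, key=None):
    """Address match list: the first matching element decides; '!' rejects."""
    addr = ipaddress.ip_address(src)
    for element in acl:
        negate = element.startswith("!")
        item = element.lstrip("!").strip()
        if item == "any":
            hit = True
        elif item.startswith("key "):
            # Matches only when the request is signed with this TSIG key.
            hit = key == item[4:]
        else:
            hit = addr in ipaddress.ip_network(item)
        if hit:
            return not negate
    return False

def select_view(views, src, key=None):
    """Views are tried in configuration order; the first match serves the request."""
    for name, acl in views:
        if acl_matches(acl, src, key):
            return name
    return None

# match-clients lists copied from the master's named.conf in the post.
PRIVATE_NETS = ["192.168.168.0/24", "127.0.0.0/8", "66.80.98.192/28"]
AS_POSTED = [("private", PRIVATE_NETS), ("public", ["any"])]

# Assumed variant: the private view refuses requests signed with a
# hypothetical TSIG key "xfer-public", so those fall through to "public".
KEYED = [("private", ["!key xfer-public"] + PRIVATE_NETS), ("public", ["any"])]

SLAVE = "192.168.168.146"      # slave address from the post
OUTSIDE = "203.0.113.9"        # constructed external client

if __name__ == "__main__":
    # Both of the slave's transfers arrive from the same address, so both
    # are answered from the same view's copy of the zone.
    print("as posted, slave ->", select_view(AS_POSTED, SLAVE))
    print("as posted, outside ->", select_view(AS_POSTED, OUTSIDE))
    print("keyed, slave + xfer-public ->", select_view(KEYED, SLAVE, "xfer-public"))
    print("keyed, slave unsigned ->", select_view(KEYED, SLAVE))
```
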
