On Aug 19, 2009, at 6:30 PM, Mark Andrews wrote:
Thanks. That worked, and I was quickly able to see what I was doing
wrong. My primary nameserver was matching an IP in one of the
views. So all the notifies were seen by slave as being in that one
view. IPs override keys.
Acl matches are order sensitive. The !key is in the examples to
prevent
the signed message matching the view and moving onto the next one.
Ok, that makes even more sense. I was getting what appeared to be
very non-deterministic behavior, but well, of course, once you know
the rules it makes a lot of sense.
In my case with multiple views and multiple keys..
{ subnet A; key A;};
{ subnet B; key B;};
{subnet C; key C;};
{subnet D; key D}:
If the server was in subnet C, and used key A or B it would work fine,
but just by coincidence. Key C would work too, once again, by
coincidence...but key D...boom.
Anyways, it's working great now. Thanks to everyone who helped.
Thanks,
Josh Paetzel
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
