Zone refresh checks and zone transfer requests are not recursive queries. With
match-recursive-only, the view cannot act as a master to any slave. You might
want to consider a hidden master that does not have this option set.
Regards,
Chris Buxton
BlueCat Networks
On Dec 21, 2011, at 1:54 AM, Konstantin V. Krotov wrote:
> Hello, list!
> I have split view on my name-servers (master and slave), for internal and
> external clients i have zone with similar names, but different content.
> Part of config named.conf on master:
>
> view "internal" {
> match-clients { myclients; };
> recursion yes;
> match-recursive-only yes;
> allow-recursion { myclients; };
> ...
> zone "10.168.192.in-addr.arpa" {
> type master;
> file "10.168.192.in-addr.arpa.db";
> allow-transfer {transfer_acl;};
> allow-update {none;};
> };
> ...
> }
>
> view "external" {
> match-clients { "any"; };
> recursion no;
> ...
> [here descriptions of zone]
> }
>
> Well, then i have "match-recursive-only yes" directive in "internal" view,
> slave name-server report: "zone 10.168.192.in-addr.arpa/IN/internal: refresh:
> non-authoritative answer from master xx.xx.136.2#53 (source xx.xx.140.26#0).
> If match-recursive-only no, zone transfer to slave all right. There i have
> wrong? Thx.
>
> --
> WBR, Konstantin V. Krotov
> mailto: k...@insysnet.ru
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
