The key names will show up in syslog messages along with IPs and view names. Compare master and slave syslogs for clues.
JM ---------------------------------------------------------------------- Message: 1 Date: Sat, 25 Aug 2012 11:48:47 -0400 From: John Wingenbach <b...@wingenbach.org> To: bind-users@lists.isc.org Subject: Re: Zone Transfer issue on BIND9 Message-ID: <20120825114847.6679a...@cistern.wingenbach.org> Content-Type: text/plain; charset=US-ASCII The problem pointed out in your 'match-clients' is the first glaring problem. What you need to understand is that from the point of BIND, your slave server is treated the same (from the view ) as any "client" for the master and vice versa. So, the communication between master and slave needs to be taken into account along with "real" clients. Breaking down your views along w/ the files, it appears you want to have 3 unique zone files for the same domains being transferred from master to slave. That means you need to define 3 unique paths between master and slave. Given that, if you are going to only use one IP, you need to use 2 keys. For example, TSIG1-KEY, TSIG2-KEY and the 'other' match. I'd heavily recommend following the other advice and simplify your test scenario. Get the communication working for a single unique zone file across the 3 views between the master and slave. Then add in whatever other acls needed to support non-master/slave comm. Once you have that, then augment it with the rest of zones you need to support. -- John ------------------------------ _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users End of bind-users Digest, Vol 1295, Issue 1 ******************************************* _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
