On 08/11/2012 13:20, /dev/rob0 wrote:
On Thu, Nov 08, 2012 at 09:23:05AM +1100, Mark Andrews wrote:
In message <[email protected]>, "Nicolas C." writes:
I have a dynamic zone on an external view, this zone is updated
with a TSIG key from outside of our network. There is a secondary
DNS server, also outside our network on which zone transfers are
working fine with no key.

We would like to make one of our internal DNS secondary for this
zone and we have the "dynamic zone shared between views" problem.
I tried to follow the FAQ but no luck so far.

I'm not sure that what I'm trying to do is possible, can someone
confirm this?

Should I follow the FAQ and make my dynamic zone "master" on the
"internal" view? That makes less sense to us because these are
public zones, updated from the outside.

This is my configuration :

view "internal" {
    match-clients {

      !key external;
      key shared;

      <IPv4/IPv6 ranges including IPv4-of-my-DNS>
    };

    zone "<my_zone>" {
      type slave;
      file "db.shared-int";
      masters { IPv4-of-my-DNS; };

You need to force the internal zone to talk to the external zone.

        masters { IPv4-of-my-DNS key external; };

Should not the master also have an "also-notify" to notify the
internal zone as well? Or the zone might contain a bogus internal-
only NS host, but that would seem less appropriate. If the notify
received is only for the external view, the internal view will only
update on elapsed SOA expire time.

Yes, it is specified in the FAQ and you can see it in my configuration below (also-notify { IPv4-of-my-DNS; };).

It's working now, I had some issues because the DNS server was 100% secondary so notifications were disabled globally in "options". When it became master for this dynamic zone, it wasn't notifying the internal view on the secondary.

Enabling notifications or explicitly notifying the secondary solved the problem.

Regards,

Nicolas

      transfer-source IPv4-of-my-DNS;
    };
};

view "external" {

    match-clients { !key shared; any; };
    allow-transfer { IPv4-of-my-DNS; };
    server IPv4-of-my-DNS { keys { shared; }; };

    zone "<my_zone>" {
      type master;
      file "db.shared-ext";
      notify yes;
      also-notify { IPv4-of-my-DNS; };
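
The setup discussed in this thread, consolidated into one named.conf sketch with the suggested `key external` on `masters` applied. This is an added example, not the poster's actual configuration: the address 192.0.2.53, the range 10.0.0.0/8, the zone name, the algorithm, the secrets and the `update-key` name are constructed placeholders.

```conf
// Added example; all addresses, names and secrets below are placeholders.
key "external"   { algorithm hmac-sha256; secret "REPLACE-WITH-BASE64-SECRET-1"; };
key "shared"     { algorithm hmac-sha256; secret "REPLACE-WITH-BASE64-SECRET-2"; };
// Hypothetical name for the TSIG key the outside updater uses.
key "update-key" { algorithm hmac-sha256; secret "REPLACE-WITH-BASE64-SECRET-3"; };

view "internal" {
    // ACL elements are tried in order and the first match decides.
    // A request signed with "external" is refused here and falls through
    // to the next view; a message signed with "shared" is accepted here.
    match-clients { !key external; key shared; 10.0.0.0/8; 192.0.2.53; };

    zone "example.org" {
        type slave;
        file "db.shared-int";
        // Signing SOA queries and transfers with "external" steers them
        // into the external view even though they come from our own address.
        masters { 192.0.2.53 key external; };
        transfer-source 192.0.2.53;
    };
};

view "external" {
    // Anything signed with "shared" is refused here, so it can only
    // have been matched by the internal view above.
    match-clients { !key shared; any; };
    allow-transfer { 192.0.2.53; };
    // Sign what this view sends to 192.0.2.53 (NOTIFY included) with
    // "shared" so that the internal view receives it.
    server 192.0.2.53 { keys { shared; }; };

    zone "example.org" {
        type master;
        file "db.shared-ext";
        allow-update { key update-key; };
        // The reply above traces the stale internal copy to NOTIFY being
        // disabled globally in "options"; set it per zone so it still fires.
        notify yes;
        also-notify { 192.0.2.53; };
    };
};
```

Running `named-checkconf` on the assembled file catches syntax slips such as a missing semicolon inside `match-clients` before the server is reloaded.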

