Hi.

I have a master/slave combo, the master is ok, displays the correct info when queried, but the slave displays too much info, including the internal stuff.

The master uses two zone files (*internal and *external) that each include different files using $INCLUDE, each containing different information:

1) the external includes domain names that the world needs to know and
2) the internal includes the world stuff + internal domain names.

I am displaying the config info for one of the domains I am most concerned about (the master is 220.233.246.146, the slave is 220.233.37.60).

Currently the slave nameserver will REFUSE external queries until I fix this => allow-query { internal; };

Master /etc/named.conf:

    acl "internal" { localhost; 192.168.0.0/16; 10.1.0.0/16; 220.233.246.146; };
    acl "external" { any; localhost; };

    view "internal" {
        match-clients { "internal"; };
        recursion yes;
        zone "barrett.com.au" {
            type master;
            file "pz/barrett.com.au.internal";
            forwarders {};
            allow-update { localhost; };
            also-notify { 220.233.37.60; };
            notify explicit;
        };
    };

    view "external" {
        match-clients { any; };
        recursion no;
        zone "barrett.com.au" {
            type master;
            file "pz/barrett.com.au.external";
            forwarders {};
            allow-update { localhost; };
            also-notify { 220.233.37.60; };
            notify explicit;
        };
    };

MASTER pz/barrett.com.au.internal:

    $TTL 7200;
    @ IN SOA ns1.barrettconsulting.com.au. hostmaster.barrettconsulting.com.au. (
            2013090530 ; serial
            3h         ; refresh after 3 hours
            1h         ; retry after 1 hour
            2w         ; expire after 1 week
            1h )       ; negative caching TTL of one hour
      IN TXT "Barrett Consulting Group Name Server"
      IN SPF "v=spf a mx ptr mx:mail.barrett.com.au mx:mail2.barrett.com.au mx:mail.salesessentials.com ip4:118.127.20.99 ip4:220.233.246.146 -all"
      IN NS ns1.barrettconsulting.com.au.
      IN NS ns2.barrettconsulting.com.au.
      IN MX 10 mail.barrett.com.au.
      IN MX 100 mail2.barrett.com.au.
    $INCLUDE pz/barrett.com.au.internal.zone_data

MASTER pz/barrett.com.au.external:

    $TTL 7200;
    @ IN SOA ns1.barrettconsulting.com.au. hostmaster.barrettconsulting.com.au. (
            2013090530 ; serial
            3h         ; refresh after 3 hours
            1h         ; retry after 1 hour
            2w         ; expire after 1 week
            1h )       ; negative caching TTL of one hour
      IN TXT "Barrett Consulting Group Name Server"
      IN SPF "v=spf a mx ptr mx:mail.barrett.com.au mx:mail2.barrett.com.au mx:mail.salesessentials.com ip4:118.127.20.99 ip4:220.233.246.146 -all"
      IN NS ns1.barrettconsulting.com.au.
      IN NS ns2.barrettconsulting.com.au.
      IN MX 10 mail.barrett.com.au.
      IN MX 100 mail2.barrett.com.au.
    $INCLUDE pz/barrett.com.au.external.zone_data

This works VERY FINE for the MASTER, e.g. if I query the nameserver from an outside network and request an internal address it will display

    ** server can't find dev.barrett.com.au: NXDOMAIN

but on the slave BOTH zone files have the same information in them, including external and internal zone data (which I do not want).

Slave /etc/named.conf:

    acl "internal" { localhost; 192.168.0.0/16; 10.1.0.0/16; 220.233.37.60; };
    acl "external" { any; localhost; };

    view "internal" {
        match-clients { "internal"; };
        recursion yes;
        zone "barrett.com.au" {
            type slave;
            file "pz/bak.barrett.com.au.internal";
            forwarders { };
            masters { 220.233.246.146; };
            notify no;
        };
    };

    view "external" {
        match-clients { any; };
        recursion no;
        zone "barrett.com.au" {
            type slave;
            file "pz/bak.barrett.com.au.external";
            forwarders {};
            masters { 220.233.246.146; };
            notify no;
        };
    };

Now, is it incorrect that I can have separate zone files on the slave (each containing different info)?
If this is possible, what am I doing wrong to get this to work?

thanks
Jobst

--
I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone.
  -- Bjarne Stroustrup, inventor of the C++ language.

  | |0| |   Jobst Schmalenbach, jo...@barrett.com.au, General Manager
  | | |0|   Barrett Consulting Group P/L & The Meditation Room P/L
  |0|0|0|   +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
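
Added example, not part of the original post: a small model of BIND's first-match view selection, run against the ACLs and view order from the master named.conf above, to show which master view a request from a given source address lands in. It assumes both slave views send their zone transfer requests from 220.233.37.60 without a TSIG key (the posted slave config sets no transfer-source or key); MASTER_OWN and the function names are hypothetical, and negation, keys and match-destinations are not modelled.

```python
import ipaddress

# ACLs and view order copied from the master named.conf posted above.
MASTER_ACLS = {
    "internal": ["localhost", "192.168.0.0/16", "10.1.0.0/16", "220.233.246.146"],
    "external": ["any", "localhost"],
}
MASTER_VIEWS = [("internal", ["internal"]), ("external", ["any"])]
# Assumption: the addresses the built-in "localhost" ACL covers on the master.
MASTER_OWN = ["127.0.0.1", "220.233.246.146"]


def acl_matches(elements, client, acls, own_addrs):
    """True if client matches any element of an address match list."""
    for el in elements:
        if el == "any":
            return True
        if el == "localhost":
            if any(client == ipaddress.ip_address(a) for a in own_addrs):
                return True
        elif el in acls:  # reference to a named acl
            if acl_matches(acls[el], client, acls, own_addrs):
                return True
        elif client in ipaddress.ip_network(el, strict=False):
            return True
    return False


def select_view(source_ip, views=MASTER_VIEWS, acls=MASTER_ACLS, own=MASTER_OWN):
    """Return the first view whose match-clients list accepts source_ip."""
    client = ipaddress.ip_address(source_ip)
    for name, match_clients in views:
        if acl_matches(match_clients, client, acls, own):
            return name
    return None


def transfer_views(slave_source_ip, slave_view_names):
    """Map each slave view to the master view its transfer request selects."""
    return {v: select_view(slave_source_ip) for v in slave_view_names}


if __name__ == "__main__":
    # Constructed sample clients; 203.0.113.7 is a documentation address.
    for ip in ("192.168.1.20", "220.233.246.146", "220.233.37.60", "203.0.113.7"):
        print(f"{ip:16} -> view {select_view(ip)!r}")
    print(transfer_views("220.233.37.60", ["internal", "external"]))
```

Because view selection on the master depends only on the request's source address here, both slave views resolve to the same master view, so the two bak.* files receive the same zone data.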