Barry,

Thank you. I appreciate your response, Barry. I'm fairly new to BIND and DNS and have gotten a bit lost. Is there any way you can provide a little more information for me? Am I not correct in saying that I'm already using TSIG keys in the include lines?
------------------------------------------------------------
view "external" {
        match-clients { any; };
        allow-transfer { key slave-external; };
....
...
..
include "/etc/rndc.key";
include "/etc/transfer-internal.key";
include "/etc/transfer-external.key";
------------------------------------------------------------

/var/named/chroot/etc/transfer-external.key
key "slave-external" {
        algorithm       hmac-md5;
        secret          "blahblahblahblahblah";
};

Thanks,

William Clarke
ITS System Administrator
Bard College at Simon's Rock
84 Alford Road
Great Barrington, MA  01230
(413) 528-7428 (voice)
(413) 528-7405 (fax)
wcla...@simons-rock.edu

On 4/8/2015 10:54 AM, Barry Margolin wrote:
> In article <mailman.1910.1428503936.26362.bind-us...@lists.isc.org>,
>   William Clarke <wcla...@simons-rock.edu> wrote:
>
> > Resending because the message was over 40K... I removed most of the
> > internal\external zones and logs to shorten the message.
> > We have a split DNS chrooted master\slave setup running on CentOS 5.11.
> > I have 3 named.conf files below, Working master, working slave and a new
> > CentOS 7 non-working slave that I'm trying to spin up. The internal
> > zones do get transferred\updated however the external zones aren't
> > transferring at all, the master doesn't even have any mentioning of
> > external transfers for this specific slave. I have a hunch that this is
> > either happening because I don't have multiple network adapters
> > configured ie split DNS for slave or possibly a hostname issue. I tried
> > to basically mirror the setup of my new slave all except the ip address.
> > My new slave is 192.168.1.224. The instructions I followed to set this
> > up were from:
> > http://www.ehowstuff.com/how-to-setup-bind-chroot-dns-server-on-centos-7-0-vps/
>
> Since the new slave only has one address, you can't use the IP to
> distinguish which view should be sent in a zone transfer. You need to
> use TSIG keys.


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
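
An illustration of the point in Barry's reply, added here and not taken from the thread or from either poster's configuration: `allow-transfer { key ...; }` only authorizes a transfer inside a view, while `match-clients` decides which view a request lands in, so the key has to appear there and the slave has to sign its requests per view. The key name `slave-internal`, the ACL `internal-nets` and its range, and the master address `192.0.2.1` are assumptions or placeholders; zone statements are elided.

```conf
# ---- master named.conf (sketch) ----
include "/etc/transfer-internal.key";   # assumed to define key "slave-internal"
include "/etc/transfer-external.key";   # defines key "slave-external" (from the thread)

acl internal-nets { 192.168.1.0/24; };  # hypothetical ACL name and range

view "internal" {
        // A request signed with the external key must not match here,
        // even though the slave's single address is inside internal-nets.
        match-clients { !key slave-external; key slave-internal; internal-nets; };
        allow-transfer { key slave-internal; };
        // zone statements ...
};

view "external" {
        // Signed with the external key -> this view, whatever the source IP.
        match-clients { key slave-external; any; };
        allow-transfer { key slave-external; };
        // zone statements ...
};

# ---- slave named.conf (sketch; same include and acl lines as above) ----
view "internal" {
        match-clients { !key slave-external; key slave-internal; internal-nets; };
        // Sign what this view sends to the master with the internal key.
        server 192.0.2.1 { keys { slave-internal; }; };   # placeholder master address
        // zone "..." { type slave; masters { 192.0.2.1; }; file "..."; };
};

view "external" {
        match-clients { key slave-external; any; };
        // Sign what this view sends to the master with the external key,
        // so the master answers from its "external" view.
        server 192.0.2.1 { keys { slave-external; }; };
        // zone "..." { type slave; masters { 192.0.2.1; }; file "..."; };
};
```

Views are matched in order, so the `!key slave-external` entry has to come before the address-based entry in the internal view.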
