In article <mailman.1916.1428507901.26362.bind-us...@lists.isc.org>, William Clarke <wcla...@simons-rock.edu> wrote:
> Barry,
>
> Thank you. I appreciate your response Barry. I'm fairly new to Bind and
> DNS and have gotten a bit lost. Is there any way you can provide a
> little more information for me? Am I not correct in saying that I'm
> already using TSIG keys in the include lines?

You need to use the TSIG key in the "match-clients" clause so it will be
used to select the appropriate view.

view "internal" {
    match-clients { !key slave-external; !192.168.1.4; 10.0.0.0/8; 192.168.0.0/16; 127.0.0.0/8; };
    allow-transfer { key slave-internal; };
    ...
};

view "external" {
    match-clients { any; };
    allow-transfer { key slave-external; };
    ...
};

> ------------------------------------------------------------
> view "external" {
>     match-clients { any; };
>     allow-transfer { key slave-external; };
> ....
> ...
> ..
> include "/etc/rndc.key";
> include "/etc/transfer-internal.key";
> include "/etc/transfer-external.key";
> ------------------------------------------------------------
>
> /var/named/chroot/etc/transfer-external.key
> key "slave-external" {
>     algorithm hmac-md5;
>     secret "blahblahblahblahblah";
> };
>
> Thanks,
>
> William Clarke
> ITS System Administrator
> Bard College at Simon's Rock
> 84 Alford Road
> Great Barrington, MA 01230
> (413) 528-7428 (voice)
> (413) 528-7405 (fax)
> wcla...@simons-rock.edu
>
> On 4/8/2015 10:54 AM, Barry Margolin wrote:
> > In article <mailman.1910.1428503936.26362.bind-us...@lists.isc.org>,
> > William Clarke <wcla...@simons-rock.edu> wrote:
> >
> >> Resending because the message was over 40K... I removed most of the
> >> internal\external zones and logs to shorten the message.
> >> We have a split DNS chrooted master\slave setup running on CentOS 5.11.
> >> I have 3 named.conf files below, Working master, working slave and a new
> >> CentOS 7 non-working slave that I'm trying to spin up. The internal
> >> zones do get transferred\updated however the external zones aren't
> >> transferring at all, the master doesn't even have any mentioning of
> >> external transfers for this specific slave. I have a hunch that this is
> >> either happening because I don't have multiple network adapters
> >> configured ie split DNS for slave or possibly a hostname issue. I tried
> >> to basically mirror the setup of my new slave all except the ip address.
> >> My new slave is 192.168.1.224. The instructions I followed to set this
> >> up was from:
> >> http://www.ehowstuff.com/how-to-setup-bind-chroot-dns-server-on-centos-7-0-vps/
> > Since the new slave only has one address, you can't use the IP to
> > distinguish which view should be sent in a zone transfer. You need to
> > use TSIG keys.
> >

-- 
Barry Margolin
Arlington, MA
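
The view selection described in the reply above, as an added Python model (not part of the original thread and not BIND code). It assumes BIND's first-match evaluation of address match lists and in-order view selection; the function names and the WITHOUT_KEY comparison list are hypothetical.

```python
import ipaddress

# Views in definition order, copied from the reply. Each match-clients
# element is (negated, kind, value); kind is "key", "net" or "any".
VIEWS = [
    ("internal", [
        (True,  "key", "slave-external"),
        (True,  "net", "192.168.1.4/32"),
        (False, "net", "10.0.0.0/8"),
        (False, "net", "192.168.0.0/16"),
        (False, "net", "127.0.0.0/8"),
    ]),
    ("external", [(False, "any", None)]),
]

def element_matches(kind, value, src, tsig_key):
    if kind == "any":
        return True
    if kind == "key":
        # A key element matches only a request signed with that TSIG key.
        return tsig_key == value
    return ipaddress.ip_address(src) in ipaddress.ip_network(value)

def acl_allows(acl, src, tsig_key):
    """First matching element decides; a negated match rejects."""
    for negated, kind, value in acl:
        if element_matches(kind, value, src, tsig_key):
            return not negated
    return False  # nothing in the list matched

def select_view(src, tsig_key=None, views=VIEWS):
    """Return the first view whose match-clients accepts the request."""
    for name, acl in views:
        if acl_allows(acl, src, tsig_key):
            return name
    return None

# Same views without the "!key slave-external;" element, for comparison.
WITHOUT_KEY = [("internal", VIEWS[0][1][1:]), VIEWS[1]]

if __name__ == "__main__":
    slave = "192.168.1.224"  # the new slave's address, from the thread
    for key in (None, "slave-internal", "slave-external"):
        print(key, "->", select_view(slave, key),
              "| without !key:", select_view(slave, key, WITHOUT_KEY))
```

Without the negated key element, the slave's address matches 192.168.0.0/16 first, so even a transfer request signed with slave-external is answered from the internal view.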