On 9/6/22 4:16 PM, Michael De Roover wrote:
once I tried to do the same on the satellite network, BIND on the main network would see the zone transfer as coming from 192.168.10.51 or 192.168.10.52 -- instead of coming from 192.168.20.3 -- and refuse it. The same is true the other way around, where the name server on the satellite network sees zone transfers from the main network as coming from 192.168.20.1 instead.
This screams of a VPN / routing / NATing / masquerading problem to me.I would expect that BIND would see the traffic as sourced from the name server's LAN IP, not the local VPN gateway IP.
Presuming that the routing is working correctly, you should be able to configure BIND ACLs as you indicate you tried to do.
-- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
