Re: Zone transfer over VPN

2022-09-06 Thread Grant Taylor via bind-users
On 9/6/22 4:16 PM, Michael De Roover wrote: once I tried to do the same on the satellite network, BIND on the main network would see the zone transfer as coming from 192.168.10.51 or 192.168.10.52 -- instead of coming from 192.168.20.3 -- and refuse it. The same is true the other way around, wh

Re: Zone transfer over VPN

2022-09-06 Thread John Thurston
If you are dealing with two totally private networks, do you even need the ACL? But if you do need to limit access, then I suggest using TSIG to identify and authorize. This avoids the whole question of source/destination IP addresses. If the transfer request is made using the correct key, it

Re: Zone transfer over VPN

2022-09-06 Thread Greg Choules via bind-users
Hi Michael. Have you tried without the "allow-transfer" statements at all? I find it usually works best to start simple, get it working, then apply security bit by bit. Do you have logs from all servers? What are they telling you specifically about what is the issue? Lastly, get packet captures of

Zone transfer over VPN

2022-09-06 Thread Michael De Roover
Hello everyone, I currently have 2 internal networks under my control, both of which have BIND name servers in them. The "main" network uses the 192.168.10.0/24 subnet, while the "satellite" network uses the 192.168.20.0/24 subnet. Following this, I will refer to these as main and satellite. Yo