Zone Transfers Being Refused

2023-07-31 Thread duluxoz
Hi All, Hoping someone can help with this: I've got a primary dns server on an internal network (192.168.2.10/24) and an external secondary dns server on the dmz network (192.168.1.10/24). The gateway for each (ie the router) is 192.168.x.1. The external domain is dynamic, with dnssec set up

Re: Zone Transfers Being Refused

2023-07-31 Thread Ondřej Surý
Hi, it’s hard to help you if you don’t provide your configuration (named-checkconf -px) and use example.com instead of real domain names. Are even the IP addresses real? Ondřej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated

Re: Zone Transfers Being Refused

2023-07-31 Thread duluxoz
Hi Ondřej, Sorry, force of habit (re: "example.com"). External Secondary DNS Server (ns1.mjb-co.com): ~~~ acl "bogusnets" {     !"internal_hosts";     0.0.0.0/8;     10.0.0.0/8;     172.16.0.0/12;     192.0.2.0/24;     192.168.0.0/16;     224.0.0.0/3; }; acl "internal_hosts" {     192.168.1.0/

Re: Zone Transfers Being Refused

2023-07-31 Thread Ondřej Surý
Well, for starters your primaries list 192.168.2.10, but your logs show connection from 192.168.1.1… -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 31. 7. 2023, at 9:51, dulux

Re: Zone Transfers Being Refused

2023-07-31 Thread duluxoz
Yeap, that's what my issue is  :-) On 31/07/2023 18:09, Ondřej Surý wrote: Well, for starters your primaries list 192.168.2.10, but your logs show connection from 192.168.1.1… -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated

Re: Zone Transfers Being Refused

2023-07-31 Thread Nick Tait via bind-users
Hi Dulux-Oz.It looks like the router between the primary and secondary DNS servers is performing NAT on the packets it is forwarding between those subnets?It would make your life much simpler if you can turn that off? I.e only NAT packets going out to the Internet/your ISP?Nick. Origina

zone [ ]

2023-07-31 Thread Reese Wang
I didn't find the format specification of in the documentation here https://bind9.readthedocs.io/en/latest/reference.html#zone-block-grammar Can it contain wildcard characters? Will it cause problems if I define hundreds of zones in the config file? I'm setting up a forwarding resolver and I wan

Re: zone [ ]

2023-07-31 Thread Darren Ankney
Hi, I'm fairly certain that the content of string is a valid DNS zone. So, whatever is allowed by RFC 1034 is allowed there. I'm not sure BIND will emit an error, however, as I don't think it enforces any domain label rules. The zone may not work, however, if it is incorrectly named. Thank you,