[CentOS] Master - Slave Split DNS

Fri Feb 20 04:07:07 UTC 2015
aditya hilman <aditya.hilman at gmail.com>

On Wed, Feb 18, 2015 at 7:47 PM, aditya hilman <aditya.hilman at gmail.com>
wrote:

>
> On Feb 18, 2015 7:43 PM, "Tris Hoar" <trishoar at bgfl.org> wrote:
> >
> > On 18/02/2015 07:17, aditya hilman wrote:
> >>
> >> Hi folks,
> >>
> >> I've already configured split DNS for internal-view and external-view. Also
> >> already configured the master - slave DNS.
> >> But I have a problem with the external-view zone transfer.
> >> Based on the logs, the master notifies the slave using the public IP, which is
> >> not accessible by the master for transferring the zone over the public IP.
> >> Is it possible to transfer the zone over the local IP for external-view?
> >>
> >> Thanks.
> >>
> >
> > Hi Adit,
> >
> > If you are not already using TSIGs in your views, I suggest you look at
> > this guide:
> > http://blog.hudecof.net/posts/2014/02/07/bind9-with-views-and-tsig-axfr.html
> > It shows how to use TSIGs to identify the views so you can slave both
> > of them to the secondary.
> >
> > Also, you want to add to the options section on the master
> > also-notify { slaves-IP; };
> > This makes it tell the slave to update its zone.
> >
> > Tris
> >
>
> Thanks all for the suggestions.
> I'll check it.
>


Hi folks,

Below are the named.conf and the logs from the external-view zone transfer.
Zone transfer for the internal-view is working properly.

named.conf
view "internal-view" {
        match-clients { internal; };

                zone "." IN {
                type hint;
                file "named.ca";
                };

                # domain zone
                zone "domain.com" {
                type master;
                file "domain.com.internal";
                allow-transfer { 10.xx.xx.xx; 10.xx.xx.xx; };
                notify yes;
                also-notify { 10.xx.xx.xx; 10.xx.xx.xx; };
                };
};

view "external-view" {
        match-clients { any; };

                zone "." IN {
                type hint;
                file "named.ca";
                };

                # domain zone
                zone "domain.com" {
                type master;
                file "domain.com.external";
                allow-transfer { 10.xx.xx.xx; 10.xx.xx.xx; };
                notify yes;
                also-notify { 10.xx.xx.xx; 10.xx.xx.xx; };
                };
};


18-Feb-2015 09:00:59.176 notify: debug 2: zone domain.com/IN/external-view: notify to 202.xx.xx.xx#53 failed: timed out

Can I redirect the external-view zone transfer to use the local IP
10.xx.xx.xx?

Thanks.

-- 
Regards,
Adit
http://adityahilman.com <http://simplyaddo.web.id>
http://id.linkedin.com/in/adityahilman
ym : science2rule
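
The TSIG-per-view approach suggested in the quoted reply, sketched for the two views posted above; this is an added example, not configuration from the thread or from the linked guide. The key names, placeholder secrets and the addresses 10.0.0.1 (master) and 10.0.0.2 (slave) are assumptions, the `internal` ACL and hint zones are taken as already defined, and the `key` clause in `also-notify` assumes BIND 9.9 or later.

```conf
# Added example; key names, secrets and addresses are constructed placeholders.
# ---- master (10.0.0.1) named.conf ----
key "int-xfer" { algorithm hmac-sha256; secret "REPLACE_WITH_BASE64_SECRET_A"; };
key "ext-xfer" { algorithm hmac-sha256; secret "REPLACE_WITH_BASE64_SECRET_B"; };

view "internal-view" {
        # A request signed with ext-xfer is pushed past this view even though
        # the slave's source address is in the internal ACL.
        match-clients { !key ext-xfer; key int-xfer; internal; };
        zone "domain.com" {
                type master;
                file "domain.com.internal";
                allow-transfer { key int-xfer; };
                notify explicit;    # notify only also-notify targets, not NS addresses
                also-notify { 10.0.0.2 key int-xfer; };    # BIND 9.9+ syntax (assumed)
        };
};

view "external-view" {
        match-clients { any; };
        zone "domain.com" {
                type master;
                file "domain.com.external";
                allow-transfer { key ext-xfer; };
                notify explicit;
                also-notify { 10.0.0.2 key ext-xfer; };
        };
};

# ---- slave (10.0.0.2) named.conf: same two key statements, then ----
view "internal-view" {
        match-clients { !key ext-xfer; key int-xfer; internal; };
        zone "domain.com" {
                type slave;
                file "slaves/domain.com.internal";
                masters { 10.0.0.1 key int-xfer; };    # signs SOA and AXFR requests
        };
};

view "external-view" {
        match-clients { any; };
        zone "domain.com" {
                type slave;
                file "slaves/domain.com.external";
                masters { 10.0.0.1 key ext-xfer; };
        };
};
```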