Problems with Bind DNS Views (internal, external)

Discussion in 'Linux Networking' started by Stefan Sabolowitsch, Mar 10, 2005.

  1. Hi List,

    I have two BIND 9.x servers (latest version) here.
    One is the master and the other the slave.

    There are two views, internal and external.

    If I run the following on the slave:

    rndc reload XXXXX.com IN external

    it receives only the "internal" zone from the master,
    not the external zone.

    Why ?

    The master's log file shows the following:

    Mar 10 09:41:15 linuxsrv3 named[7616]: queries: info: client
    192.168.100.18#33131: query: XXXXX.de IN SOA

    There is no reference to internal or external.


    Is there a parameter with which the internal and external views
    can be addressed explicitly?

    thx

    Stefan



    named.conf from slave:

    // Trusted client ranges. Referenced by the "internal" view's
    // match-clients, by allow-recursion and by the per-zone
    // allow-transfer lists below.
    acl internals {
        127.0.0.0/24;
        192.168.0.0/24;
        192.168.1.0/24;
        192.168.5.0/24;
        192.168.6.0/24;
        192.168.100.0/24;
    };

    // Complement of "internals". Together the two ACLs cover every
    // address, so a list containing both admits any client.
    acl externals {
        !internals;
    };

    // The provider's resolvers. Not referenced anywhere in this file:
    // the options { forwarders } block repeats the same three addresses.
    acl forwarder {
        194.25.0.52;
        194.25.0.60;
        194.25.0.68;
    };
    // Provider hosts allowed to query (options) and to pull the
    // external zones (allow-transfer in the "external" view).
    acl telekom {
        // 194.25.0.x / 194.25.1.x / 194.25.15.x
        194.25.0.44;
        194.25.0.45;
        194.25.0.46;
        194.25.0.121;
        194.25.0.122;
        194.25.0.125;
        194.25.1.113;
        194.25.15.217;
        // whole /24
        194.246.96/24;
        // remaining single hosts
        129.70.132.100;
        195.244.245.24;
        195.244.245.25;
        195.244.245.27;
        62.156.152.59;
        62.156.153.47;
    };

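    options {
        directory "/etc/namedb";
        pid-file "/var/run/named/named.pid";

        // Global defaults; the views and zones below override them.
        // No zone transfers unless a zone explicitly allows them.
        allow-transfer { none; };
        // "externals" is the complement of "internals", so this list
        // admits every client; it only documents intent.
        allow-query { internals; externals; telekom; };
        // Recursive service for the trusted ranges only.
        allow-recursion { internals; };
        notify no;

        // Resolve everything through the provider's resolvers. The
        // "forwarder" ACL above lists the same addresses but is not
        // consulted here (forwarders takes addresses, not ACL names).
        forward only;
        forwarders {
            194.25.0.52;
            194.25.0.60;
            194.25.0.68;
        };
    };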


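    logging {
        channel named_info {
            // Send everything to syslog (facility daemon) rather than a file.
            syslog daemon;
            severity info;
            // Prefix each message with its category and severity.
            print-category yes;
            print-severity yes;
            // Left off: syslog already stamps each line with the time.
            // print-time yes;
        };

        // Every category goes to the same syslog channel.
        category default { named_info; };    // anything not listed explicitly
        category general { named_info; };    // catch-all for messages without a category
        category client { named_info; };     // processing of client requests
        category config { named_info; };     // named.conf parsing and processing
        category database { named_info; };   // the server's internal databases
        category network { named_info; };    // network operations
        category notify { named_info; };     // the NOTIFY protocol
        category queries { named_info; };    // query logging (one line per query)
        category resolver { named_info; };   // recursive lookups
        category security { named_info; };   // approval and denial of requests
        category update { named_info; };     // dynamic updates
        category xfer-in { named_info; };    // zone transfers received
        category xfer-out { named_info; };   // zone transfers sent

        // Uncomment to silence lame-server reports; while commented they
        // follow "default" above.
        // category lame-servers { null; };
    };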


    view "internal" {
        // Served to the trusted ranges only. 127.0.0.0/24 is already
        // part of "internals"; it is repeated here for readability.
        match-clients { internals; 127.0.0.0/24; };
        recursion yes;

        // Root hints for recursion.
        zone "." IN {
            type hint;
            file "db.cache";
        };

        // Reverse mapping for the loopback net, mastered locally.
        zone "0.0.127.in-addr.arpa" IN {
            type master;
            notify no;
            file "db.127.0.0";
        };

        // Internal copies of the forward zones, slaved from 192.168.100.20.
        zone "XXXXX.de" IN {
            type slave;
            file "db.XXXXX-de.internal";
            masters { 192.168.100.20; };
            allow-query { internals; };
            allow-transfer { internals; };
        };
        zone "XXXXX.com" IN {
            type slave;
            file "db.XXXXX-com.internal";
            masters { 192.168.100.20; };
            allow-query { internals; };
            allow-transfer { internals; };
        };

        // Reverse mappings for the private /24 nets, slaved from the same master.
        zone "0.168.192.in-addr.arpa" IN {
            type slave;
            file "db.192.168.0.rev";
            masters { 192.168.100.20; };
            allow-query { internals; };
            allow-transfer { internals; };
        };
        zone "1.168.192.in-addr.arpa" IN {
            type slave;
            file "db.192.168.1.rev";
            masters { 192.168.100.20; };
            allow-query { internals; };
            allow-transfer { internals; };
        };
        zone "100.168.192.in-addr.arpa" IN {
            type slave;
            file "db.192.168.100.rev";
            masters { 192.168.100.20; };
            allow-query { internals; };
            allow-transfer { internals; };
        };
    };

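    view "external" {
        // Everything not caught by the "internal" view above.
        match-clients { any; };

        // No recursive service for the outside world.
        recursion no;

        // Both views on this slave reach the master from the same source
        // address (192.168.100.18 in the master's log), and the master's
        // "internal" view matches that address first, so the SOA refresh
        // and the transfer for this view return the internal copy of the
        // zone. Signing this view's requests with a TSIG key lets the
        // master pick the external view by key instead of by address;
        // the master then needs the same key and, for example,
        //   internal: match-clients { !key external-xfer; internals; };
        //   external: match-clients { key external-xfer; any; };
        // (An alternative is a separate transfer-source address for this
        // view that the master's internal ACL does not cover.)
        key external-xfer {
            algorithm hmac-md5;
            secret "<BASE64-SECRET-SHARED-WITH-MASTER>";  // placeholder
        };
        // Sign everything this view sends to the master.
        server 192.168.100.20 {
            keys { external-xfer; };
        };

        // Reverse mapping for the loopback net, mastered locally.
        zone "0.0.127.in-addr.arpa" IN {
            type master;
            notify no;
            file "db.127.0.0";
        };

        // Root hints (unused for answering since recursion is off).
        zone "." IN {
            type hint;
            file "db.cache";
        };

        // External copies of the forward zones, slaved from 192.168.100.20.
        // Transfers out only to the trusted ranges and the provider; the
        // ACL is named "internals" (there is no ACL called "internal").
        zone "XXXXX.de" IN {
            type slave;
            file "db.XXXXX-de.external";
            masters { 192.168.100.20; };
            notify yes;
            allow-query { any; };
            allow-transfer { internals; telekom; };
        };
        zone "XXXXX.com" IN {
            type slave;
            file "db.XXXXX-com.external";
            masters { 192.168.100.20; };
            notify yes;
            allow-query { any; };
            allow-transfer { internals; telekom; };
        };

        // Reverse mapping for 217.6.XX.0/25.
        zone "0.XX.6.217.in-addr.arpa" IN {
            type slave;
            file "db.217.6.XX.rev";
            masters { 192.168.100.20; };
            notify yes;
            allow-query { any; };
            allow-transfer { internals; telekom; };
        };
    };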
     
    Stefan Sabolowitsch, Mar 10, 2005
