Hello,

I have a dynamic zone on an external view, this zone is updated with a
TSIG key from outside of our network. There is a secondary DNS server,
also outside our network, on which zone transfers are working fine with
no key.

We would like to make one of our internal DNS secondary for this zone
and we have the "dynamic zone shared between views" problem. I tried to
follow the FAQ but no luck so far.

I'm not sure that what I'm trying to do is possible, can someone confirm
this?

Should I follow the FAQ and make my dynamic zone "master" on the
"internal" view? That makes less sense to us because these are public
zones, updated from the outside.

This is my configuration:

view "internal" {
    match-clients {
        !key external;
        key shared;
        <IPv4/IPv6 ranges including IPv4-of-my-DNS>
    };
    zone "<my_zone>" {
        type slave;
        file "db.shared-int";
        masters { IPv4-of-my-DNS; };
        transfer-source IPv4-of-my-DNS;
    };
};

view "external" {
    match-clients { !key shared; any; };
    allow-transfer { IPv4-of-my-DNS; };
    server IPv4-of-my-DNS { keys { shared; }; };
    zone "<my_zone>" {
        type master;
        file "db.shared-ext";
        notify yes;
        also-notify { IPv4-of-my-DNS; };
        update-policy {
            grant another-key subdomain <my_zone> ANY;
            grant princi...@rea.lm subdomain <my_zone> ANY;
        };
    };
};

When I reload the configuration or try to initiate a zone transfer with
dig and the "shared" key, I have this message in the logs:

zone <my_zone>/IN/internal: refresh: unexpected rcode (SERVFAIL) from
master IPv4-of-my-DNS#53 (source IPv4-of-my-DNS#0)

Regards,
Nicolas
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users