On 22 December 2016 at 13:05, Asai <a...@globalchangemusic.org> wrote:
> Still trying to figure this out, still am not doing something right. I’m > still getting REFUSED when trying to do transfers from Master to Slave. > Not sure what I’m doing wrong, so please point out my errors here. I have > two views, but neither are getting any transfers so I’ve only included one > in the config. > It would help if you included your entire config. You're likely editing out important things. At the very least, your supplied config is missing the server{} statements necessary to use TSIG in your zone transfer requests. > > Here’s my part of my config for Master and Slave: > > MASTER (10.233.0.198): > > key WAN-key { > algorithm hmac-md5; > secret “FsrWAd2G5saYSd3bOx0mw=="; > }; > > key LAN-key { > algorithm hmac-md5; > secret “4hKGvi4BDswdTD2f1sEE2i=="; > }; > > acl lan_hosts { key LAN-key; !key WAN-key; 192.168.0.0/16; 10.233.0.0/24; > localhost; }; > acl wan_queries { key WAN-key; !key LAN-key; !192.168.0.0/16; ! > 10.233.0.0/24; }; > > include "/etc/rndc.key"; > controls { > inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; }; > }; > > view "LAN” { > > match-clients { lan_hosts; }; > allow-transfer { key LAN-key; }; > also-notify { 10.233.0.189 key LAN-key; }; > > zone “intranet.site" { > type slave; > masters { > 10.233.0.198; > }; > file "/var/named/slaves/intranet.site.LAN.hosts"; > }; > } > > > > > SLAVE (10.233.0.189): > > key WAN-key { > algorithm hmac-md5; > secret “FsrWAd2G5saYSd3bOx0mw=="; > }; > > key LAN-key { > algorithm hmac-md5; > secret “4hKGvi4BDswdTD2f1sEE2i=="; > }; > > acl lan_hosts { key LAN-key; !key WAN-key; 192.168.0.0/16; 10.233.0.0/24; > localhost; }; > acl wan_queries { key WAN-key; !key LAN-key; !192.168.0.0/16; ! > 10.233.0.0/24; }; > > include "/etc/rndc.key"; > controls { > inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; }; > }; > > view "LAN” { > > match-clients { lan_hosts; }; > > zone “intranet.site" { > type slave; > masters { > 10.233.0.198; > }; > file "/var/named/slaves/intranet.site.LAN.hosts"; > }; > } > > > > On Dec 21, 2016, at 10:59 AM, Asai <a...@globalchangemusic.org> wrote: > > Yes, thank you. I think Mark’s link to the article is the proper > solution. Thank you for your reply. > > > On Dec 21, 2016, at 10:55 AM, Matthew Pounsett <m...@conundrum.com> wrote: > > > > On 20 December 2016 at 16:45, Asai <a...@globalchangemusic.org> wrote: > >> Greetings, >> >> Quick question. Using BIND 9.9.4. I have 2 zones. One for LAN traffic, >> and one for WAN traffic. My secondary server is transferring the wrong >> zones, so that my WAN zone has all the A records for my LAN zone. >> >> Any insights on this? >> >> Most likely you've misconfigured your master server such that the slave > (secondary) sees the wrong zone when doing zone transfers. But, because > you haven't provided any real detail about your configuration, no one is > going to be able to provide much in the way of advice about how to fix it. > > You should read the article that Mark Andrews linked, and if you still are > not able to solve the problem you should return with some details about > your setup. > > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > > > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users >
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users