Sorry, that 10.0.9.9 should be 10.9.9.9 - i.e. notify-source and transfer-source 
are the same IP within the same view.


From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of 
Lightner, Jeffrey
Sent: Friday, December 08, 2017 8:34 AM
To: Eoin Kim; bind-users@lists.isc.org
Subject: RE: [Question] zone transfer issue with multiple views

When we did it here we set up separate notify-source and transfer-source within 
the views on both the master and the slave.

view "internal" {
    match-clients { internaldns; };
    notify-source 10.9.9.8;
    transfer-source 10.9.9.8;
    allow-transfer { dnsservers; };
    ...then our zones for internal view

The internaldns acl is one in which we specify servers inside our network.
The dnsservers acl is one that specifies the primary internal facing IP of the 
master and the slave.

view "external" {
    match-clients { any; };
    notify-source 10.9.9.9;
    transfer-source 10.0.9.9;
    allow-transfer { dswadnsalias; };
    ...then our zones for external view

any allows external locations to query us (we have recursion turned off).
The dswadnsalias acl is one that specifies the alias IPs on the same NIC as the 
internal facing IP of the master and the slave.

The IPs above would be on the master - you'd have separate IPs (but the same 
ACLs) on the slave.

You can create an alias IP on your primary NIC so for example here we have:
eth1 = 10.9.9.8
eth1:1 = 10.0.9.9
(In our config eth0 is the one we use for external facing traffic - eth1 is 
used for internal including zone transfers)
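
Added example, not part of the original e-mails: a small Python model of how BIND routes an incoming transfer request into a view (the first view whose match-clients matches the source address wins), used to check that each view's transfer-source on the slave lands in the intended view on the master. The slave addresses 10.9.9.18 and 10.9.9.19 and the contents of the ACLs are constructed for illustration; the thread does not give them.

```python
import ipaddress

def acl_matches(acl, addr):
    # BIND address-match-list: the first element that matches decides; "!" negates it.
    for entry in acl:
        if addr in ipaddress.ip_network(entry.lstrip("!")):
            return not entry.startswith("!")
    return False

def check_transfers(master_views, slave_sources):
    """Return a list of problems for {intended view: slave transfer-source}."""
    problems = []
    for intended, src in slave_sources.items():
        addr = ipaddress.ip_address(src)
        # Views are tried in configuration order, as named does.
        landed = next((v for v in master_views
                       if acl_matches(v["match_clients"], addr)), None)
        if landed is None:
            problems.append(f"{intended}: {src} matches no view")
        elif landed["name"] != intended:
            problems.append(f"{intended}: {src} lands in view {landed['name']!r}")
        elif not acl_matches(landed["allow_transfer"], addr):
            problems.append(f"{intended}: {src} refused by allow-transfer")
    return problems

def make_views(internaldns):
    # Mirrors the two views in the mail; ACL members are constructed values.
    return [
        {"name": "internal", "match_clients": internaldns,
         "allow_transfer": ["10.9.9.8", "10.9.9.18"]},    # "dnsservers"
        {"name": "external", "match_clients": ["0.0.0.0/0"],  # "any" (IPv4)
         "allow_transfer": ["10.9.9.9", "10.9.9.19"]},    # "dswadnsalias"
    ]

# Constructed slave-side transfer-source addresses, one per view.
SLAVE_SOURCES = {"internal": "10.9.9.18", "external": "10.9.9.19"}

# Assumed internaldns covering all of 10/8: the alias IP is swallowed by "internal".
BROAD = make_views(["10.0.0.0/8"])
# Same ACL with the alias IPs negated first, so they fall through to "external".
FIXED = make_views(["!10.9.9.9", "!10.9.9.19", "10.0.0.0/8"])

if __name__ == "__main__":
    print(check_transfers(BROAD, SLAVE_SOURCES))
    print(check_transfers(FIXED, SLAVE_SOURCES))
```

The same check applies in the other direction for NOTIFY: run it against the slave's views with the master's notify-source addresses as the sources.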

