>On Mon, 23 Jun 2003, J.D. Bronson wrote:
> > What is my work around? - I still need to not only notify my NS2, but at
> > the same time another slave that is off site.
>
>There are probably more elegant solutions, but I believe one way would be
>to use a combination of ethernet aliases and also-notify. Define aliases
>on your primary and secondary and make them a part of the outside view so
>updates will happen properly. Then use also-notify on your master,
>
>zone "your.org" {
> type master;
> file "db.your.org";
> also-notify { inside.alias.of.slave; };
>};
>
>Make sure the alias addresses are allowed through any firewalls, acls,
>etc. and you should be good. You could also configure the internal
>aliases to resolve to the same names as your public nameservers for
>consistency. In that case, the also-notify is probably redundant
>(nameserver would look up the names and notify any listed nameservers
>automatically).
>
>-mrh
I thought that between the web site and other tips given, it would work. It
doesn't. Internal <-> internal machines on DNS XFR and REFRESH all work
fine. The external ones want to keep trying to go to my router (which does
not do NAT loopback) and they fail.

I don't know what I am missing here, but it must be something simple. All I
need to do is have 2 views (which do seem to work ok) but all the zone
transfers/updates/etc.. must all happen within the **LAN side** of the router.
I can't go out and back in again with this router. My old router could and
that's why it was working and I had no issues.

Here is most of my relevant config:

1. I created an alias on each DNS machine of my ethernet cards.
2. Bind is set to listen on all of my IPs on each machine.

This is from my DNS1 machine (master):
======================================
192.168.10.50 is an alias of 192.168.10.30
// Begin internal Zone information //
view "internal" {
match-clients { !192.168.10.50; !192.168.10.51; 192.168.10/24; };
allow-query { 127.0.0/24; 192.168.10/24; };
notify-source 192.168.10.30;
transfer-source 192.168.10.30;
query-source address 192.168.10.30;
recursion yes;
// Begin external Zone information //
view "external" {
match-clients { any; };
notify-source 192.168.10.50;
transfer-source 192.168.10.50;
query-source address 192.168.10.50;
recursion no;
----------------------------------------------
This is from my DNS2 machine (slave):
=====================================
192.168.10.51 is an alias of 192.168.10.40
// Begin internal zone information //
view "internal" {
match-clients { !192.168.10.50; !192.168.10.51; 192.168.10/24; };
allow-query { 127.0.0/24; 192.168.10/24; };
notify-source 192.168.10.40;
transfer-source 192.168.10.40;
query-source address 192.168.10.40;
allow-transfer { none; };
recursion yes;
// Begin external zone information //
view "external" {
match-clients { any; };
notify-source 192.168.10.51;
transfer-source 192.168.10.51;
query-source address 192.168.10.51;
allow-transfer { none; };
recursion no;
...because I have 2 public DNS servers, when the master goes to notify the
slave it tries to use the PUBLIC way out and that of course doesn't work.

I did try adding "notify explicit" with also-notify { 192.168.10.51; } and
that didn't work at all. Nothing!

Anything obvious I am missing please?

Thanks.
--
J.D. Bronson
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Fax: 414.328.8282 // Pager: 414.314.8282
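
How the match-clients lists quoted in the message above sort an incoming NOTIFY or transfer request by its source address, as an added Python sketch (not part of the original thread and not BIND's own code). It assumes IPv4 only and ignores keys, named ACLs and match-destinations; select_view, acl_matches and the 203.0.113.7 sample address are hypothetical names and values chosen for illustration.

```python
import ipaddress

# match-clients lists copied from the post; views are tried in file order.
VIEWS = [
    ("internal", "!192.168.10.50; !192.168.10.51; 192.168.10/24;"),
    ("external", "any;"),
]

def parse_element(token):
    """Turn one address-match element into (negated, network-or-keyword)."""
    negated = token.startswith("!")
    body = token.lstrip("!").strip()
    if body in ("any", "none"):
        return negated, body
    addr, _, plen = body.partition("/")
    # BIND accepts abbreviated prefixes such as 192.168.10/24; pad to 4 octets.
    octets = addr.split(".")
    addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return negated, ipaddress.ip_network(f"{addr}/{plen or 32}")

def acl_matches(acl_text, source):
    """First matching element decides; a negated match (or no match) rejects."""
    ip = ipaddress.ip_address(source)
    for token in filter(None, (t.strip() for t in acl_text.split(";"))):
        negated, target = parse_element(token)
        if target == "none":
            hit = False
        elif target == "any":
            hit = True
        else:
            hit = ip in target
        if hit:
            return not negated
    return False

def select_view(source, views=VIEWS):
    """Return the name of the first view whose match-clients accepts source."""
    for name, acl in views:
        if acl_matches(acl, source):
            return name
    return None

if __name__ == "__main__":
    # Primary addresses, the two aliases, and one constructed outside address.
    for src in ("192.168.10.30", "192.168.10.40",
                "192.168.10.50", "192.168.10.51", "203.0.113.7"):
        print(f"{src:15} -> view {select_view(src)}")
```

Requests sourced from the primary addresses (.30, .40) land in the internal view, while requests sourced from the aliases (.50, .51) skip it and land in the external view, which is what notify-source and transfer-source in each view rely on.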