I have two DNS servers, one local and one remote, and I am trying to get them to talk to each other using views.
The problem I'm having is that the remote server can talk to the local one and receive zone files, but if I update the local server's internal view, the remote doesn't receive the update. Here is my config:
local:
key "external" {
    algorithm hmac-md5;
    secret "xxxxx";
};
controls {
    inet 127.0.0.1 allow { localhost; };
};
options {
    listen-on-v6 { none; };
    pid-file "/var/run/named/named.pid";
    directory "/var/named";
    allow-transfer { x.x.x.x; 192.168.0.0/16; 172.16.0.0/12; };
    also-notify { x.x.x.x; };
    notify explicit;
    version none;
    hostname none;
    server-id none;
    max-ncache-ttl 3;
    recursive-clients 10000;
};
view "internal" {
    match-clients { !key external; 192.168.0.0/16; 172.16.0.0/12; x.x.x.x; };
    recursion yes;
    # Forward Zones
    zone "example.com" { type master; file "internal/masters/example.com.zone"; };
    # Reverse Zones
    zone "2.168.192.in-addr.arpa" { type master; file "internal/masters/192.168.2.rev"; };
};
view "external" {
    match-clients { key external; any; };
    server 192.168.2.21 { keys external; };
    recursion no;
    zone "example.com" { type master; file "external/masters/example.com.zone"; };
};
logging {
    channel logfile {
        file "/var/log/named.log" versions 3 size 1m;
        print-time yes;
        print-category yes;
    };
    category default { logfile; };
    category lame-servers { null; };
    category notify { logfile; };
};
include "/etc/rndc.key";
remote:
key "external" {
    algorithm hmac-md5;
    secret "xxxxxxx";
};
controls {
    inet 127.0.0.1 allow { localhost; };
};
options {
    listen-on-v6 { none; };
    pid-file "/var/run/named/named.pid";
    directory "/var/named";
    notify explicit;
    version none;
    hostname none;
    server-id none;
    max-ncache-ttl 3;
    recursive-clients 10000;
};
view "internal" {
    match-clients { 172.16.0.0/12; !key external; };
    recursion yes;
    # Forward Zones
    zone "example.com" { type slave; file "internal/slaves/example.com.zone"; masters { y.y.y.y; }; };
};
view "external" {
    match-clients { any; key external; };
    server y.y.y.y { keys external; };
    recursion no;
    zone "example.com" { type slave; file "external/slaves/example.com.zone"; masters { y.y.y.y; }; };
};
logging {
    channel logfile {
        file "/var/log/named.log" versions 3 size 1m;
        print-time yes;
        print-category yes;
    };
    category default { logfile; };
    category lame-servers { null; };
    category notify { logfile; };
};
include "/etc/rndc.key";
The logs on the local:
12-Jul-2011 10:18:01.435 notify: zone example.com/IN/internal: sending notifies (serial 2011071201)
12-Jul-2011 10:18:01.435 notify: zone example.com/IN/external: sending notifies (serial 2011062904)
The logs on the remote:
12-Jul-2011 10:18:38.774 notify: client y.y.y.y#4368: view external: received notify for zone 'example.com'
12-Jul-2011 10:18:38.780 notify: client y.y.y.y#4368: view external: received notify for zone '2.168.192.in-addr.arpa': not authoritative
12-Jul-2011 10:18:38.783 notify: client y.y.y.y#4368: view external: received notify for zone 'example.com'
12-Jul-2011 10:18:38.783 general: zone example.com/IN/external: notify from y.y.y.y#4368: zone is up to date
On initial startup, the remote server has no issue receiving the internal view:
12-Jul-2011 10:27:15.084 general: zone example.com/IN/internal: Transfer started.
12-Jul-2011 10:27:15.185 xfer-in: transfer of 'example.com/IN' from y.y.y.y#53: connected using z.z.z.z#42340
12-Jul-2011 10:27:15.541 general: zone example.com/IN/internal: transferred serial 2011071201
12-Jul-2011 10:27:15.541 xfer-in: transfer of 'example.com/IN' from x.x.x.x#53: end of transfer
The remote server is sitting behind a firewall on a NATed connection, but I don't think that matters since it's receiving external no problem.
Any clues?
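A quick way to confirm from the slave's own log that notifies are landing in the wrong view, as an added example (not code from the poster): it parses the `notify:` lines in the format shown above and reports notifies that hit a view which is not authoritative for the zone, plus views that serve a zone but never saw a notify while a sibling view did. The sample lines are the ones quoted in the post; the per-view zone map mirrors the remote config and is an assumption of this check.

```python
import re
from collections import defaultdict

# Constructed sample: the remote (slave) log lines quoted in the post.
SLAVE_LOG = """\
12-Jul-2011 10:18:38.774 notify: client y.y.y.y#4368: view external: received notify for zone 'example.com'
12-Jul-2011 10:18:38.780 notify: client y.y.y.y#4368: view external: received notify for zone '2.168.192.in-addr.arpa': not authoritative
12-Jul-2011 10:18:38.783 notify: client y.y.y.y#4368: view external: received notify for zone 'example.com'
12-Jul-2011 10:18:38.783 general: zone example.com/IN/external: notify from y.y.y.y#4368: zone is up to date
"""

# Assumed: which zones each view on the slave is authoritative for (taken from the remote config).
SLAVE_VIEWS = {
    "internal": {"example.com"},
    "external": {"example.com"},
}

# Matches BIND's "received notify" log line: source, selected view, zone, optional trailing status.
NOTIFY_RE = re.compile(
    r"notify: client (?P<src>[^#]+)#\d+: view (?P<view>\S+): "
    r"received notify for zone '(?P<zone>[^']+)'(?P<tail>.*)"
)

def analyse_notifies(log_text, slave_views):
    """Return a list of findings describing notify/view mismatches in the slave log."""
    received = defaultdict(set)  # zone -> views in which a notify for it arrived
    findings = []
    for line in log_text.splitlines():
        m = NOTIFY_RE.search(line)
        if not m:
            continue
        zone, view = m["zone"], m["view"]
        received[zone].add(view)
        # A notify classified into a view that does not hold the zone is wasted:
        # the client matched that view (by address or TSIG key), not the one you intended.
        if "not authoritative" in m["tail"] or zone not in slave_views.get(view, set()):
            findings.append(f"notify for {zone} from {m['src']} landed in view '{view}', "
                            f"which is not authoritative for it")
    # A view that serves the zone but never saw a notify will keep its stale serial.
    for zone, seen in received.items():
        for view, zones in slave_views.items():
            if zone in zones and view not in seen:
                findings.append(f"view '{view}' serves {zone} but received no notify; "
                                f"all notifies went to {sorted(seen)}")
    return findings

if __name__ == "__main__":
    for finding in analyse_notifies(SLAVE_LOG, SLAVE_VIEWS):
        print(finding)
```

On the quoted lines it reports that the reverse-zone notify hit the external view and that the internal view never received a notify for example.com, which is the symptom the post describes.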