Bind 9 - zone transfer using internal IP?
Hello,
I am having a problem with Bind 9 and zone transfers ... I have my main DNS server on network A 205.X.X.X out on the internet. It has a public IP. The box is only a DNS server, no other servers, and has its own firewall rules allowing only port 53 traffic.
Now at my location I have set up a secondary DNS server (ns2.domain.com) on a DMZ network. I have added in zones for all of my domains.
I have configured my master server to only allow zone transfers from the public IP of my secondary server.
Now when I start the secondary server for the first time it will do all the zone transfers fine. If I update the SOA on the master it notifies the secondary and all the zone transfers happen.
But I see the following in the log file:
client 192.168.X.X#57970: bad zone transfer request: 'ns.domain.com/IN': non-authoritative zone (NOTAUTH)
I believe the problem is the secondary is sending its internal IP in a zone transfer request?
Any suggestions would help!!
Michael.