I recently set up two nameservers, of course, master (ns1) and slave (ns2). My servers are 192.168.168.16 and .17 and they're both running BIND9. Everything worked fine, zone transfers were working, queries, etc. I went to implement views as I have some domains that will need to be queried from the internet, but I'd also like to address my internal machines and only have them respond to internal queries. I threw in a generic "lr" domain to represent my internal machines and of course have my 192.168.168 network for PTR records which should also be internal, then I set the default zones, 0, 127, and 255 up for internal view only. Here's the config:
Code:
acl internal {
192.168.168.0/24;
10.254.254.2;
localhost;
};
view "internal" {
match-clients {
internal;
};
recursion yes;
also-notify {
192.168.168.17;
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "168.168.192.in-addr.arpa" {
type master;
file "/var/lib/bind/192.168.168.rev";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "mylocalnet" {
type master;
file "/var/lib/bind/mylocalnet.internal.hosts";
};
};
view "public" {
match-clients {
any;
};
recursion no;
also-notify {
192.168.168.17;
};
zone "external" {
type master;
file "/var/lib/bind/external.public.hosts";
};
};
Now, when the external zone (in public view) attempts to transfer, I get the following in the logs:
Code:
Jun 5 13:44:25 ns2 named[26887]: zone external/IN/public: refresh: non-authoritative answer from master 192.168.168.16#53 (source 0.0.0.0#0)
When the mylocalnet zone (in internal) attempts to transfer, it transfers flawlessly.
If I take the external zone and put it in the internal view, it transfers fine as well. It seems that only zones in the public view will not transfer.
Here's the config of the slave:
Code:
acl internal {
192.168.168.0/24;
10.254.254.2;
localhost;
};
view "internal" {
recursion yes;
allow-transfer {
192.168.168.16;
};
match-clients {
192.168.168.0/24;
10.254.254.2;
};
allow-notify {
192.168.168.16;
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "168.168.192.in-addr.arpa" {
type slave;
masters {
192.168.168.16;
};
file "/var/lib/bind/192.168.168.rev";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "mylocalnet" {
type slave;
masters {
192.168.168.16;
};
file "/var/lib/bind/mylocalnet.internal.hosts";
};
};
view "public" {
recursion no;
allow-transfer {
192.168.168.16;
};
allow-notify {
192.168.168.16;
};
zone "external" {
type slave;
masters {
192.168.168.16;
};
file "/var/lib/bind/external.public.hosts";
};
};
Anyone know what I'm doing wrong?
