LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 06-06-2013, 01:58 PM   #1
buee
Member
 
Registered: May 2009
Posts: 81

Rep: Reputation: 16
Non Authoritative Zone when using particular View w/ BIND


I recently set up two nameservers, of course, master (ns1) and slave (ns2). My servers are 192.168.168.16 and .17 and they're both running BIND9. Everything worked fine, zone transfers were working, queries, etc. I went to implement views as I have some domains that will need to be queried from the internet, but I'd also like to address my internal machines and only have them respond to internal queries. I threw in a generic "lr" domain to represent my internal machines and of course have my 192.168.168 network for PTR records which should also be internal, then I set the default zones, 0, 127, and 255 up for internal view only. Here's the config:

Code:
acl internal {
192.168.168.0/24;
10.254.254.2;
localhost;
};
view "internal" {
match-clients {
    internal;
    };
recursion yes;
also-notify {
    192.168.168.17;
    };
zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
    };
zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
    };
zone "168.168.192.in-addr.arpa" {
    type master;
    file "/var/lib/bind/192.168.168.rev";
    };
zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
    };
zone "localhost" {
    type master;
    file "/etc/bind/db.local";
    };
zone "mylocalnet" {
    type master;
    file "/var/lib/bind/mylocalnet.internal.hosts";
    };
};

view "public" {
match-clients {
    any;
    };
recursion no;
also-notify {
    192.168.168.17;
    };
zone "external" {
    type master;
    file "/var/lib/bind/external.public.hosts";
    };
};
Now, when the external zone (in public view) attempts to transfer, I get the following in the logs:

Code:
Jun  5 13:44:25 ns2 named[26887]: zone external/IN/public: refresh: non-authoritative answer from master 192.168.168.16#53 (source 0.0.0.0#0)
When the mylocalnet zone (in internal) attempts to transfer, it transfers flawlessly.

If I take the external zone and put it in the internal view, it transfers fine as well. It seems that only zones in the public view will not transfer.

Here's the config of the slave:

Code:
acl internal {
192.168.168.0/24;
10.254.254.2;
localhost;
};
view "internal" {
recursion yes;
allow-transfer {
    192.168.168.16;
    };
match-clients {
    192.168.168.0/24;
    10.254.254.2;
    };
allow-notify {
    192.168.168.16;
    };
zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
    };
zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
    };
zone "168.168.192.in-addr.arpa" {
    type slave;
    masters {
        192.168.168.16;
        };
    file "/var/lib/bind/192.168.168.rev";
    };
zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
    };
zone "localhost" {
    type master;
    file "/etc/bind/db.local";
    };
zone "mylocalnet" {
    type slave;
    masters {
        192.168.168.16;
        };
    file "/var/lib/bind/mylocalnet.internal.hosts";
    };
};
view "public" {
recursion no;
allow-transfer {
    192.168.168.16;
    };
allow-notify {
    192.168.168.16;
    };
zone "external" {
    type slave;
    masters {
        192.168.168.16;
        };
    file "/var/lib/bind/external.public.hosts";
    };
};
Anyone know what I'm doing wrong?
 
Old 06-10-2013, 08:11 PM   #2
firask317
LQ Newbie
 
Registered: Feb 2012
Posts: 11

Rep: Reputation: Disabled
Hello,

I think this will solve your problem:

Code:
view "nameservers" { 
match-clients {
192.168.168.17; 
};

recursion yes;
also-notify {
    192.168.168.17;
    };

zone "168.168.192.in-addr.arpa" {
    type master;
    file "/var/lib/bind/192.168.168.rev";
    };

zone "mylocalnet" {
    type master;
    file "/var/lib/bind/mylocalnet.internal.hosts";
    };

zone "external" {
    type master;
    file "/var/lib/bind/external.public.hosts";
    };

};


acl internal {
192.168.168.0/24;
10.254.254.2;
localhost;
};
view "internal" {
match-clients {
    internal;
    };

//... Define your internal zones here

};

view "public" {
match-clients {
    any;
    };

//... Define your external zones here

};

This way your secondary name server will see all zones. You had a problem because based on the IP address of the secondary nameserver, the view would be "internal" and your "external" zone is not defined there.

Hope this will solve the problem.
Regards,
Firas

Last edited by firask317; 06-10-2013 at 08:24 PM.
 
  


Reply

Tags
bind, zone files


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
DNS BIND 9 view and forward zone problem new_kubunto Linux - Software 3 06-19-2012 03:43 AM
Which zone bind dns work either in forward zone are reverse zone sanjay87 Linux - Server 2 06-05-2012 04:21 AM
BIND - How do you remove "Authoritative nameservers" in UDP message? wischad Linux - Networking 3 01-29-2011 10:53 AM
BIND forward zone OK, reverse zone NOT OK! n03x3c Linux - Server 2 11-05-2008 10:31 PM
bind9: configuration: non-authoritative zone tilman1 Linux - Networking 3 05-11-2008 05:06 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 05:44 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration