Got around to adding a virtual interface on the production box (I never could get this working with keys alone), I had labbed this up previously in reverse of what I needed but transfers were broken on the production box when I reversed the views that contained the master/slave.
The following works on the lab box, but when I swap master and zone between views It breaks. What I wanted was: view "internal" -> match-clients { localnets; }; -> slave zones view "external" -> match-clients { any; }; -> master zones I suppose it makes sense, but none the less, I think I have been staring at this too long. Any have any insight? All the dynamic clients reside on the public side. view "internal" { match-clients { localhost; }; server 10.0.0.4 { keys { external; }; }; recursion yes; zone "foo.local" { type master; allow-update { key dhcpd_ddns; }; also-notify { 172.16.0.1; }; allow-query { any; }; file "/var/named/foo.local.zone.db"; }; }; view "external" { match-clients { any; }; recursion yes; zone "foo.local" { type slave; masters { 10.0.0.4; }; allow-update { key external; }; file "dynamic/foo.local.slave_zone.db"; }; }; key external { algorithm hmac-md5; secret "..."; }; _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users