Hi people,

I have master/slave BIND 9.10.3 servers configured with views and TSIG keys on a Debian 9 host. But the transfer from master to slave is refused on the slave side, and there is no descriptive error.

In both views I have delegated the same two zones, black.com and white.com, with different records according to the view. If I send my configuration, can you please help me detect the failure in the zone transfer from master to slave? Thanks a lot in advance.

MASTER

named.conf:

    key "rndc-key" {
        algorithm hmac-md5;
        secret "+PGWO1r5rrT8hcA47Anu0w==";
    };
    controls {
        inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
    };
    include "/etc/bind/named.conf.options";
    include "/etc/bind/named.conf.local";

named.conf.options:

    options {
        directory "/var/cache/bind";
        also-notify { 10.0.0.2; };
        dnssec-validation no;
        dnssec-enable yes;
        auth-nxdomain no;
        allow-query { any; };
        notify explicit;
        recursion no;
        version "none";
    };

named.conf.local:

    key one { algorithm HMAC-MD5; secret "uohej/pa1oLBK4Cfhi3zAA=="; };
    key two { algorithm HMAC-MD5; secret "HcKSpnKhqg/+KFvOg2uTag=="; };
    key three { algorithm HMAC-MD5; secret "1JikGx1kdjq/cTCsi36/JQ=="; };

    acl one { !key two; !key three; key one; 10.10.0.0/24; };
    acl two { !key one; !key three; key two; 10.10.1.0/24; };
    acl three { !key one; !key two; key three; 10.10.2.0/24; };

    view "one" {
        match-clients { one; };
        server 10.0.0.2 { keys one; };
        recursion yes;
        allow-transfer { key one; };
        zone "black.com." {
            type master;
            file "/etc/bind/zones/black.com.one.db";
            also-notify { 10.0.0.2 key one; };
        };
        zone "white.com" {
            type master;
            file "/etc/bind/zones/white.com.one.db";
            also-notify { 10.0.0.2 key one; };
        };
    };

    view "two" {
        match-clients { two; };
        server 10.0.0.2 { keys two; };
        recursion yes;
        allow-transfer { key two; };
        zone "black.com." {
            type master;
            file "/etc/bind/zones/black.com.two.db";
            also-notify { 10.0.0.2 key one; };
        };
        zone "white.com" {
            type master;
            file "/etc/bind/zones/white.com.two.db";
            also-notify { 10.0.0.2 key one; };
        };
    };

SLAVE

named.conf:

    include "/etc/bind/named.conf.options";
    include "/etc/bind/named.conf.local";

named.conf.options:

    options {
        directory "/var/cache/bind";
        allow-transfer {"none";};
        dnssec-validation no;
        dnssec-enable yes;
        auth-nxdomain no;
        allow-query { any; };
        notify explicit;
        recursion no;
        version "none";
    };

named.conf.local:

    key one { algorithm HMAC-MD5; secret "uohej/pa1oLBK4Cfhi3zAA=="; };
    key two { algorithm HMAC-MD5; secret "HcKSpnKhqg/+KFvOg2uTag=="; };
    key three { algorithm HMAC-MD5; secret "1JikGx1kdjq/cTCsi36/JQ=="; };

    acl one { !key two; !key three; key one; 10.10.0.0/24; };
    acl two { !key one; !key three; key two; 10.10.1.0/24; };
    acl three { !key one; !key two; key three; 10.10.2.0/24; };

    view "one" {
        match-clients { one; };
        server 10.0.0.1 { keys one; };
        recursion yes;
        zone "black.com" {
            type slave;
            masters { 10.0.0.1 key one; };
            file "/etc/bind/zones/black.com.one.db";
        };
        zone "white.com" {
            type slave;
            masters { 10.0.0.1 key one; };
            file "/etc/bind/zones/white.com.one.db";
        };
    };

    view "two" {
        match-clients { two; };
        server 10.0.0.1 { keys two; };
        recursion yes;
        zone "black.com" {
            type slave;
            masters { 10.0.0.1 key one; };
            file "/etc/bind/zones/black.com.two.db";
        };
        zone "white.com" {
            type slave;
            masters { 10.0.0.1 key one; };
            file "/etc/bind/zones/white.com.two.db";
        };
    };
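A consistency check for a views-plus-TSIG setup like the one posted above, as an added example that is not part of the original post: it compares the key each zone names in `also-notify` or `masters` with the key in the enclosing view's `server` statement, since the receiving server picks its view from the TSIG key that signed the message. The function names, the simplified regex-based parsing, and the reduced sample (constructed from the posted master config) are assumptions of this example.

```python
import re

# Constructed sample: reduced form of the master's two views from the post.
SAMPLE = '''
view "one" { match-clients { one; }; server 10.0.0.2 { keys one; };
  zone "black.com." { type master; also-notify { 10.0.0.2 key one; }; };
};
view "two" { match-clients { two; }; server 10.0.0.2 { keys two; };
  zone "black.com." { type master; also-notify { 10.0.0.2 key one; }; };
  zone "white.com" { type master; also-notify { 10.0.0.2 key one; }; };
};
'''

def blocks(text, keyword):
    """Yield (name, body) for each `keyword "name" { ... }`, matching nested braces."""
    for m in re.finditer(r'\b%s\s+"([^"]+)"\s*\{' % keyword, text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def key_mismatches(conf):
    """Return (view, zone, statement, zone_key, view_key) for every zone whose
    also-notify/masters key differs from the view's `server ... { keys X; }`.
    Simplification: only the first key in each statement is inspected."""
    found = []
    for view, vbody in blocks(conf, "view"):
        m = re.search(r'server\s+\S+\s*\{\s*keys\s+"?([\w.-]+)"?\s*;', vbody)
        if not m:
            continue  # view has no per-server key to compare against
        view_key = m.group(1)
        for zone, zbody in blocks(vbody, "zone"):
            stmts = re.findall(
                r'\b(also-notify|masters)\s*\{[^}]*?\bkey\s+"?([\w.-]+)"?\s*;', zbody)
            for stmt, zone_key in stmts:
                if zone_key != view_key:
                    found.append((view, zone.rstrip('.'), stmt, zone_key, view_key))
    return found

if __name__ == "__main__":
    for view, zone, stmt, zkey, vkey in key_mismatches(SAMPLE):
        print(f'view "{view}" zone {zone}: {stmt} uses key {zkey}, '
              f'view server statement uses key {vkey}')
```

Run against the full named.conf.local of each server, it lists every zone whose signing key would be matched by a different view's `match-clients` ACL on the peer.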