Re: [CentOS] Master - Slave Split DNS
On Mon, February 23, 2015 23:21, aditya hilman wrote:
> Hi folks,
>
> After configuring iptables to masquerade the zone transfer traffic, I've found a new issue. Below is the log on the slave:
>
> zone domain.com/IN/external-view: serial number (2015022302) received from master 10.xx.xx.xx#53 ours (2015022303)
>
> The zone on the slave doesn't update.

The reason the zone does not update is given in the message. The serial number on the slave copy of the zone file is greater than the serial number on the master's copy. You need to figure out why that is so and fix that issue. Then the slave should update.

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne        mailto:byrn...@harte-lyne.ca
Harte Lyne Limited    http://www.harte-lyne.ca
9 Brockley Drive      vox: +1 905 561 1241
Hamilton, Ontario     fax: +1 905 561 0757
Canada L8E 3C3

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
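The serial comparison described in the reply above, as an added example that is not part of the original thread: it parses the slave's log line and applies RFC 1982 serial arithmetic to decide whether the slave will transfer, and which serial the master must publish at minimum. The function names and the result keys are illustrative assumptions.

```python
import re

HALF = 1 << 31   # half of the 32-bit serial space
MOD = 1 << 32    # SOA serials wrap modulo 2**32

# Matches the slave's log line; an optional "<" before "ours" is tolerated.
LOG_RE = re.compile(
    r"zone (?P<zone>\S+): serial number \((?P<master>\d+)\) "
    r"received from master (?P<peer>\S+) (?:< )?ours \((?P<ours>\d+)\)"
)

def serial_gt(a, b):
    """True if serial a is newer than b under RFC 1982 serial arithmetic."""
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)

def diagnose(line):
    """Parse one log line; return None if it is not a serial-mismatch line."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    master, ours = int(m.group("master")), int(m.group("ours"))
    newer = serial_gt(master, ours)
    return {
        "zone": m.group("zone"),
        "master_serial": master,
        "slave_serial": ours,
        "slave_will_transfer": newer,
        # Smallest serial the master can publish that this slave accepts.
        "next_master_serial": None if newer else (ours + 1) % MOD,
    }

# Log line as quoted in the thread (addresses redacted by the poster).
SAMPLE = ("zone domain.com/IN/external-view: serial number (2015022302) "
          "received from master 10.xx.xx.xx#53 ours (2015022303)")

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

The wrap-around branch of `serial_gt` matters when a serial has been bumped past 2**31 from the old value: a plain integer comparison would then give the wrong answer.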
Re: [CentOS] Master - Slave Split DNS
Hi folks,

After configuring iptables to masquerade the zone transfer traffic, I've found a new issue. Below is the log on the slave:

zone domain.com/IN/external-view: serial number (2015022302) received from master 10.xx.xx.xx#53 ours (2015022303)

The zone on the slave doesn't update.

Thanks.

On Fri, Feb 20, 2015 at 2:57 PM, Alexander Dalloz ad+li...@uni-x.org wrote:
> On 20.02.2015 at 05:07, aditya hilman wrote:
>> 18-Feb-2015 09:00:59.176 notify: debug 2: zone domain.com/IN/external-view: notify to 202.xx.xx.xx#53 failed: timed out
>>
>> Can I redirect the zone transfer for the external-view using the local IP 10.xx.xx.xx?
>
> That's just normal network handling: NATting / masquerading the RFC1918 address space for routing in the public address space. Nothing bind does itself.
>
>> Thanks.
>
> Alexander

--
Regards,
Adit
http://a http://simplyaddo.web.iddityahilman.com
http://id.linkedin.com/in/adityahilman
ym : science2rule
Re: [CentOS] Master - Slave Split DNS
On 20.02.2015 at 05:07, aditya hilman wrote:
> 18-Feb-2015 09:00:59.176 notify: debug 2: zone domain.com/IN/external-view: notify to 202.xx.xx.xx#53 failed: timed out
>
> Can I redirect the zone transfer for the external-view using the local IP 10.xx.xx.xx?

That's just normal network handling: NATting / masquerading the RFC1918 address space for routing in the public address space. Nothing bind does itself.

> Thanks.

Alexander
Re: [CentOS] Master - Slave Split DNS
On Wed, Feb 18, 2015 at 7:47 PM, aditya hilman aditya.hil...@gmail.com wrote:
> On Feb 18, 2015 7:43 PM, Tris Hoar trish...@bgfl.org wrote:
>> On 18/02/2015 07:17, aditya hilman wrote:
>>> Hi folks,
>>>
>>> I've already configured split DNS for internal-view and external-view. I've also already configured the master - slave DNS. But I have a problem with the external-view zone transfer. Based on the logs, the master notifies the slave using the public IP, which is not accessible by the master for transferring the zone over the public IP. Is it possible to transfer the zone over the local IP for external-view?
>>>
>>> Thanks.
>>
>> Hi Adit,
>>
>> If you are not already using TSIGs in your views I suggest you look at this guide:
>> http://blog.hudecof.net/posts/2014/02/07/bind9-with-views-and-tsig-axfr.html
>> It shows how to use TSIGs to identify the views so you can slave both of them to the secondary.
>>
>> Also, you want to add to the options section on the master:
>>
>>     also-notify { slaves-IP; };
>>
>> This makes it tell the slave to update its zone.
>>
>> Tris
>>
>> * This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify postmas...@bgfl.org The views expressed within this email are those of the individual, and not necessarily those of the organisation *
>
> Thanks all for the suggestions. I'll check it.

Hi folks,

Below are the named.conf and the logs when transferring the zone for the external-view. The zone transfer for the internal-view is working properly.

named.conf

    view "internal-view" {
        match-clients { internal; };

        # root hints
        zone "." IN {
            type hint;
            file "named.ca";
        };

        # domain zone
        zone "domain.com" {
            type master;
            file "domain.com.internal";
            allow-transfer { 10.xx.xx.xx; 10.xx.xx.xx; };
            notify yes;
            also-notify { 10.xx.xx.xx; 10.xx.xx.xx; };
        };
    };

    view "external-view" {
        match-clients { any; };

        # root hints
        zone "." IN {
            type hint;
            file "named.ca";
        };

        # domain zone
        zone "domain.com" {
            type master;
            file "domain.com.external";
            allow-transfer { 10.xx.xx.xx; 10.xx.xx.xx; };
            notify yes;
            also-notify { 10.xx.xx.xx; 10.xx.xx.xx; };
        };
    };

18-Feb-2015 09:00:59.176 notify: debug 2: zone domain.com/IN/external-view: notify to 202.xx.xx.xx#53 failed: timed out

Can I redirect the zone transfer for the external-view using the local IP 10.xx.xx.xx?

Thanks.

--
Regards,
Adit
http://a http://simplyaddo.web.iddityahilman.com
http://id.linkedin.com/in/adityahilman
ym : science2rule
Re: [CentOS] Master - Slave Split DNS
On 2/17/2015 11:17 PM, aditya hilman wrote:
> I've already configured split DNS for internal-view and external-view. I've also already configured the master - slave DNS. But I have a problem with the external-view zone transfer. Based on the logs, the master notifies the slave using the public IP, which is not accessible by the master for transferring the zone over the public IP. Is it possible to transfer the zone over the local IP for external-view?

your master and slaves really should be geographically distributed, so this problem wouldn't come up.

--
john r pierce 37N 122W
somewhere on the middle of the left coast
Re: [CentOS] Master - Slave Split DNS
On 02/18/2015 08:17 PM, aditya hilman wrote:
> Hi folks,
>
> I've already configured split DNS for internal-view and external-view. I've also already configured the master - slave DNS. But I have a problem with the external-view zone transfer. Based on the logs, the master notifies the slave using the public IP, which is not accessible by the master for transferring the zone over the public IP. Is it possible to transfer the zone over the local IP for external-view?
>
> Thanks.

Been a while since I did this, but as I recall I had to set up a second local IP address to transfer the external zone files so it could distinguish between the internal and external requests.

HTH
Re: [CentOS] Master - Slave Split DNS
On 18.02.2015 at 12:26, Leon Fauster leonfaus...@googlemail.com wrote:
> On 18.02.2015 at 08:17, aditya hilman aditya.hil...@gmail.com wrote:
>> Hi folks,
>>
>> I've already configured split DNS for internal-view and external-view. I've also already configured the master - slave DNS. But I have a problem with the external-view zone transfer. Based on the logs, the master notifies the slave using the public IP, which is not accessible by the master for transferring the zone over the public IP. Is it possible to transfer the zone over the local IP for external-view?
>
> add to your external view
>
>     allow-notify { local ip; };

sorry - I meant also-notify ...

--
LF
Re: [CentOS] Master - Slave Split DNS
On 18.02.2015 at 08:17, aditya hilman aditya.hil...@gmail.com wrote:
> Hi folks,
>
> I've already configured split DNS for internal-view and external-view. I've also already configured the master - slave DNS. But I have a problem with the external-view zone transfer. Based on the logs, the master notifies the slave using the public IP, which is not accessible by the master for transferring the zone over the public IP. Is it possible to transfer the zone over the local IP for external-view?

add to your external view

    allow-notify { local ip; };

--
LF
Re: [CentOS] Master - Slave Split DNS
On 18/02/2015 07:17, aditya hilman wrote:
> Hi folks,
>
> I've already configured split DNS for internal-view and external-view. I've also already configured the master - slave DNS. But I have a problem with the external-view zone transfer. Based on the logs, the master notifies the slave using the public IP, which is not accessible by the master for transferring the zone over the public IP. Is it possible to transfer the zone over the local IP for external-view?
>
> Thanks.

Hi Adit,

If you are not already using TSIGs in your views I suggest you look at this guide:
http://blog.hudecof.net/posts/2014/02/07/bind9-with-views-and-tsig-axfr.html
It shows how to use TSIGs to identify the views so you can slave both of them to the secondary.

Also, you want to add to the options section on the master:

    also-notify { slaves-IP; };

This makes it tell the slave to update its zone.

Tris
Re: [CentOS] Master - Slave Split DNS
On Feb 18, 2015 7:43 PM, Tris Hoar trish...@bgfl.org wrote:
> On 18/02/2015 07:17, aditya hilman wrote:
>> Hi folks,
>>
>> I've already configured split DNS for internal-view and external-view. I've also already configured the master - slave DNS. But I have a problem with the external-view zone transfer. Based on the logs, the master notifies the slave using the public IP, which is not accessible by the master for transferring the zone over the public IP. Is it possible to transfer the zone over the local IP for external-view?
>>
>> Thanks.
>
> Hi Adit,
>
> If you are not already using TSIGs in your views I suggest you look at this guide:
> http://blog.hudecof.net/posts/2014/02/07/bind9-with-views-and-tsig-axfr.html
> It shows how to use TSIGs to identify the views so you can slave both of them to the secondary.
>
> Also, you want to add to the options section on the master:
>
>     also-notify { slaves-IP; };
>
> This makes it tell the slave to update its zone.
>
> Tris

Thanks all for the suggestions. I'll check it.
[CentOS] Master - Slave Split DNS
Hi folks,

I've already configured split DNS for internal-view and external-view. I've also already configured the master - slave DNS. But I have a problem with the external-view zone transfer. Based on the logs, the master notifies the slave using the public IP, which is not accessible by the master for transferring the zone over the public IP. Is it possible to transfer the zone over the local IP for external-view?

Thanks.

--
Regards,
Adit
http://a http://simplyaddo.web.iddityahilman.com
http://id.linkedin.com/in/adityahilman
ym : science2rule