I have a master/slave DNS system in place using BIND. The master has two views, a local and a public one. There are two slave servers that have these same views (I copied the config file to the slaves and changed them from master to slave). All seemed to be working: inside my network I got the local network DNS info, and outside seemed to get the public DNS info.
However, now that I am offsite I notice that the local-only DNS info is what's being provided. I did a check using some online tools to dig my nameservers. The master name server is returning the correct public DNS info, but the slaves are returning the local-only info.
Here is a slave's config file:
options {
    directory "/var/bind";
    pid-file "/var/run/named/named.pid";
    listen-on-v6 { ::1; 2002:4b94:5e92::1; 2002:4b94:5e91:2::31; };
    listen-on { 127.0.0.1; 75.148.94.146; 192.168.0.31; };
    transfer-source-v6 2002:4b94:5e91:2::31;
    allow-query { any; };
    recursion no;
};

logging {
    channel default_log {
        file "/var/log/named/named.log" versions 5 size 50M;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default { default_log; };
    category general { default_log; };
};

view "local" {
    match-clients { 192.168.0.0/16; 127.0.0.1; 2002:4b94:5e91:2::/16; };
    recursion yes;
    zone "." IN {
        type hint;
        file "named.cache";
    };
    zone "open-exodus.net" {
        type slave;
        masters { 2002:4b94:5e91:2::2; };
        file "pri/open-exodus.net.local.fw";
    };
    zone "0.168.192.in-addr.arpa" {
        type slave;
        masters { 2002:4b94:5e91:2::2; };
        file "pri/open-exodus.net.local.rev";
    };
    # zone "2.0.0.0.0.0.0.0.1.9.e.5.4.9.b.4.2.0.0.2.ip6.arpa" {
    #     type master;
    #     file "pri/open-exodus.net.local.ip6.rev";
    # };
};

view "public" {
    match-clients { any; };
    recursion no;
    zone "open-exodus.net" {
        type slave;
        masters { 2002:4b94:5e91:2::2; };
        file "pri/open-exodus.net.global.fw";
    };
};
I cannot get to the master config file offsite, but it is virtually identical. The only thing I can think of is that the "public" view transfers from the master's private address. Could that be the problem? Does it transfer the view for the address, or for the listed file?
Assuming your address match lists are correct I would bet that your slaves are seeing the "local" view by default (the IP they use to query the master matches the "local" view's criteria), so when a zone change happens and they synchronize they pull the "inside" zone and serve it to the outside world.
If I'm right, the pri/open-exodus.net.global.fw on your slaves will have "local" data in it. Your best bet to fix this is to use the query-source directive in the views on your slaves to ensure that when they fetch zones they use an IP that will see the appropriate view...
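To check the answer's reasoning against the addresses in the question, here is an added example (not from the question or the answer) that reproduces BIND's view selection: a client lands in the first view, in file order, whose match-clients list contains its source address. The view lists are taken from the slave config above; it is assumed the master uses the same views, as the question says, and that the slave's transfer requests leave from one of the addresses it listens on (transfer-source-v6 in the options block pins the IPv6 one).

```python
"""Which view on the master answers a zone transfer from a given slave address?"""
from typing import List, Optional, Tuple
import ipaddress

# (view name, match-clients entries) in the order they appear in the slave's
# named.conf; the master is assumed to carry the same two views.
VIEWS: List[Tuple[str, List[str]]] = [
    ("local", ["192.168.0.0/16", "127.0.0.1", "2002:4b94:5e91:2::/16"]),
    ("public", ["any"]),
]


def acl_matches(entry: str, addr) -> bool:
    """Match one address-match-list element: 'any', a bare address or a prefix."""
    if entry == "any":
        return True
    # strict=False lets a host-bearing prefix such as 2002:4b94:5e91:2::/16
    # be interpreted the way BIND does: the network is 2002::/16.
    net = ipaddress.ip_network(entry, strict=False)
    return addr.version == net.version and addr in net


def select_view(source: str, views=VIEWS) -> Optional[str]:
    """Return the first view whose match-clients accepts `source`, or None."""
    addr = ipaddress.ip_address(source)
    for name, entries in views:
        if any(acl_matches(e, addr) for e in entries):
            return name
    return None  # no view matched: BIND would refuse the request


def transfer_sources_seeing(view: str, candidates, views=VIEWS) -> List[str]:
    """Keep only the candidate source addresses the master would place in `view`."""
    return [c for c in candidates if select_view(c, views) == view]


if __name__ == "__main__":
    # The addresses the slave in the question listens on; the transfer for the
    # "public" zone must originate from one that the master files under "public".
    slave_addrs = ["2002:4b94:5e91:2::31", "192.168.0.31", "75.148.94.146"]
    for a in slave_addrs:
        print(f"{a:>22} -> view {select_view(a)}")
    print("usable transfer source for the public view:",
          transfer_sources_seeing("public", slave_addrs))
```

Run as written, it shows that the configured transfer-source-v6 address falls into "local" on the master (the /16 covers every 2002:: address), which is exactly the case the answer describes, while the public IPv4 address is the only one that would be served the "public" zone.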