Hi there,
I'm running some bind servers. To be able to move the Bind application to a different server, we're using service IPs.
E.g.
Master server:
Server-IP: 172.16.0.1/16
Service-IP: 172.16.1.1/16 (=Secondary IP + Listen address in named.conf)
Slave server:
Server-IP: 172.16.0.2/16
Service-IP: 172.16.1.2/16 (=Secondary IP + Listen address in named.conf)
The clients use 172.16.1.1 and 172.16.1.2 in their resolv.conf.
When I update a zone file on the master zone the slave will be notified. But the notification will be send on 172.16.0.1 and not on 172.16.1.1. On the slave server the problem is similar. The zone transfer will be requested from 172.16.0.2 and not from 172.16.1.1.
So I have to specify in the zone definition of the Master: allow-transfer { 172.16.1.1; 172.16.0.1; }; and on the Slave: allow-notify { 172.16.0.1; };
How can I bind the Named server to use explicitly the secondary IP for inbound (listen) and outbound (sending) traffic?
Bind bind to secondary IP
Message
- mvaterlaus
- Apprentice
- Posts: 242
- Joined: Fri Oct 01, 2010 3:29 pm
- Location: Switzerland
Hi,
i think you can add the following to your named config:
This will tell Bind to listen on localhost and the specified IP. Also it will no longer answer queries on the interface with IP 172.16.0.1.
i think you can add the following to your named config:
Code: Select all
...
options {
listen-on port 53 { 127.0.0.1; 172.16.1.1; };
...
What you have written is already configured.mvaterlaus wrote:Also it will no longer answer queries on the interface with IP 172.16.0.1.
The problem are not the answers of the DNS queries by any clients. The problem is the zone update notification sent by the master to the slaves. This is done via the primary IP.
And also the zone update request on the slaves to the master are sent on the primary IP.
It's been a while since I touched bind for the last time, but you should have defined a slave server in master's configuration.
There is also-notify option too.
So, if you define master and slave relationship using secondary IPs, routing table should take care of the rest. Like in: the notification is for 172.16.1.2 which is connected by a specific route, therefore I should use 172.16.1.1 as the source address instead of default.
Also:
This is wrong. Both addresses are in the same network. While such setup can be used in some scenarios, it won't work for you. Make at least one of those masks more specific.
There is also-notify option too.
So, if you define master and slave relationship using secondary IPs, routing table should take care of the rest. Like in: the notification is for 172.16.1.2 which is connected by a specific route, therefore I should use 172.16.1.1 as the source address instead of default.
Also:
Code: Select all
Server-IP: 172.16.0.1/16
Service-IP: 172.16.1.1/16- mvaterlaus
- Apprentice
- Posts: 242
- Joined: Fri Oct 01, 2010 3:29 pm
- Location: Switzerland
Hmm,
I never noticed this, when running a BIND server with two Interfaces. I find this behavior very strange. But according to this link [1] you can use the following directives in your config:
[1] https://www.cyberciti.biz/tips/bind-nam ... dress.html
I never noticed this, when running a BIND server with two Interfaces. I find this behavior very strange. But according to this link [1] you can use the following directives in your config:
Code: Select all
options {
...
transfer-source 172.16.1.1;
use-alt-transfer-source yes;
...
}
[1] https://www.cyberciti.biz/tips/bind-nam ... dress.html