3. Bind view+sync bug

Bind view+sync bug

  • H

    The Bind package supports both 'sync' and 'views'.  In a two system failover setup, if:

    1. sync to configured backup server is enabled. and
    2. there are two views of the same domain, one to include the LAN subnet and the other to exclude the LAN subnet (www only)
    3. dnssec enabled (don't know if this is or isn't necessary to demonstrate the bug)

    then

    All dns requests to the slave mode / backup computer will resolve using only the LAN name database.  The version running as the master name server will do the 'split dns' resolution normally.

    v 2.3.1-RELEASE-p1

    Workaround:

    Use Bind for only the www name database, exclude the WAN.  Single view.  Enable the local resolver / Unbound for the LAN lookups.  Be sure to delete /cf/named/etc/namedb/slave/<domain>/* or it will still resolve the old LAN names.</domain>

    0
  • H

    PS.  The namedb files in /cf/named/etc/namedb/slave/LAN and …/WAN are the same, and match those under /LAN on the master.  The  ..../WAN db on the master is correct.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy