[clue-tech] Critical BIND issues behind firewall

Chris Schock black at clapthreetimes.com
Mon Jan 17 14:43:08 MST 2005


> view "external" {
>          match-clients { any; };
>          recursion no;
>
> zone "." {
>          type hint;
>          file "db.cache";
> };
>
> zone "fimble.com"{
>         type slave;
>         file "db.fimble";
>         masters {
>                  10.0.0.11;
>          };
> };
> };
>
> When my slave servers query the master for the zone file for fimble.com,
> they get the local one because that's what I told it to do in my config
> up there... I don't know if I could tell the AXFR protocol to not get
> the local though.  Any thoughts?

Ok, now I see what you're saying... the "10.0.0.11" is in your external
view and you have to have it that way because the PIX won't let internal
clients hit the external static NAT address.

That's a pickle. I'm sure there's a way to get around that problem though,
this has to be fairly common. I'd have run into the same issue except my
secondary DNS is off site, so when I put the public IP address in where
you have "10.0.0.11" it works.

If you haven't tried it, you could put your DNS server's public IP address
in there just to see what happens... but it sounds like you have already
done that and it breaks your slaves.



