[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sidewinder
Subject:    RE: [Sidewinder] Setting up IXFR on Sidewinder
From:       sidewinder-admin () adeptech ! com
Date:       2002-07-11 20:02:15
[Download RAW message or body]

First, you should add a "server" declaration to your named.conf file(s).
Here's an example:
 

server 123.2.3.4 {
    support-ixfr yes;
    transfer-format many-answers;
};

 
Now in a zone file, you can define a specific IXFR transaction log per zone:
 

zone somewhere.mil {
    type slave;
    ixfr-base "somewhere.mil.ixfr";
    file "somewhere.mil.sec";
    masters {
        123.2.3.4;
    };
    check-names warn;
    allow-query { any; };
    allow-transfer { none; };
    allow-update { none; }; 
};

 
Then you should use the following to the global "options" declaration:
 

maintain-ixfr-base yes;

 
If you're running a version of BIND later than 8.2.3 (I don't think
Sidewinder 5.1.x does), you can limit the IXFR transaction log size with the
additional global option:
 

max-ixfr-log-size 1M;

 
If you haven't restricted BIND version queries (which you probably should),
you can find out what version of BIND with the following query:
 

nslookup -querytype=TXT -class=CHAOS version.bind 127.1.0.1

 
Otherwise, you'll have to look through the actual BIND named executable for
any version strings.  That should be it.
 
SSgt Randy Blahut
randall.blahut@langley.af.mil <mailto:randall.blahut@langley.af.mil> 
 
-----Original Message-----
From: sidewinder-admin@adeptech.com [mailto:sidewinder-admin@adeptech.com]
Sent: Thursday, July 11, 2002 10:17 AM
To: sidewinder@adeptech.com
Subject: [Sidewinder] Setting up IXFR on Sidewinder



Hi,
I am a contractor working at a site where they are running Sidewinder
5.2.0.1. We would like to set up the internal DNS on the Sidewinder so that
the firewall will request incremental zone file updates (IXFR) when it
receives notification of a zone update from the internal DNS server. Does
anyone know how I might configure the Sidewinder to do this?

Thanks in advance --- clay


Clay Howe, MCSE, CCNP, MSEE 
Senior Network Engineer 
email Clayton.Howe@scott.af.mil 



[Attachment #3 (text/html)]

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>Setting up IXFR on Sidewinder</TITLE>

<META content="MSHTML 5.50.4915.500" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=476445116-11072002>First, 
you&nbsp;should add a "server" declaration to your named.conf file(s).&nbsp; 
Here's an example:</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN 
class=476445116-11072002></SPAN></FONT>&nbsp;</DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
  <DIV><FONT face="Lucida Console" color=#0000ff size=2><SPAN 
  class=476445116-11072002>server 123.2.3.4 {</SPAN></FONT></DIV>
  <DIV><FONT size=2><SPAN class=476445116-11072002><FONT color=#0000ff><FONT 
  face="Lucida Console">&nbsp;&nbsp;&nbsp; <STRONG>support-ixfr 
  yes;</STRONG></FONT></FONT></SPAN></FONT></DIV>
  <DIV><FONT face="Lucida Console" color=#0000ff size=2><SPAN 
  class=476445116-11072002>&nbsp;&nbsp;&nbsp; transfer-format 
  many-answers;</SPAN></FONT></DIV>
  <DIV><FONT face="Lucida Console" color=#0000ff size=2><SPAN 
  class=476445116-11072002>};</SPAN></FONT></DIV></BLOCKQUOTE>
<DIV><FONT face=Arial color=#0000ff size=2></FONT>&nbsp;</DIV>
<DIV><SPAN class=476445116-11072002><FONT face=Arial color=#0000ff size=2>Now in 
a zone file, you can&nbsp;define a specific&nbsp;IXFR transaction log per 
zone:</FONT></SPAN></DIV>
<DIV><SPAN class=476445116-11072002><FONT face=Arial color=#0000ff 
size=2></FONT></SPAN>&nbsp;</DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
  <DIV><SPAN class=476445116-11072002><FONT face=Arial color=#0000ff size=2>zone 
  somewhere.mil {</FONT></SPAN></DIV>
  <DIV><SPAN class=476445116-11072002><FONT face=Arial color=#0000ff 
  size=2>&nbsp;&nbsp;&nbsp; type slave;</FONT></SPAN></DIV>
  <DIV><SPAN class=476445116-11072002><FONT color=#0000ff>&nbsp;&nbsp;&nbsp; 
  <FONT face=Arial size=2><STRONG>ixfr-base 
  "somewhere.mil.ixfr";</STRONG></FONT></FONT></SPAN></DIV>
  <DIV><SPAN class=476445116-11072002></SPAN><SPAN 
  class=476445116-11072002><FONT color=#0000ff>&nbsp;&nbsp;&nbsp;&nbsp;file 
  "somewhere.mil.sec";</FONT></SPAN></DIV>
  <DIV><SPAN class=476445116-11072002><FONT color=#0000ff>&nbsp;&nbsp;&nbsp; 
  masters {</FONT></SPAN></DIV>
  <DIV><SPAN class=476445116-11072002><FONT 
  color=#0000ff>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
  <STRONG>123.2.3.4;</STRONG></FONT></SPAN></DIV>
  <DIV><SPAN class=476445116-11072002><FONT color=#0000ff>&nbsp;&nbsp;&nbsp; 
  };</FONT></SPAN></DIV>
  <DIV><SPAN class=476445116-11072002><FONT color=#0000ff>&nbsp;&nbsp;&nbsp; 
  check-names warn;</FONT></SPAN></DIV>
  <DIV><SPAN class=476445116-11072002><FONT 
  color=#0000ff>&nbsp;&nbsp;&nbsp;&nbsp;allow-query { any; 
};</FONT></SPAN></DIV>
  <DIV><SPAN class=476445116-11072002><FONT 
  color=#0000ff>&nbsp;&nbsp;&nbsp;&nbsp;allow-transfer { none; 
  };</FONT></SPAN></DIV>
  <DIV><SPAN class=476445116-11072002><FONT 
  color=#0000ff>&nbsp;&nbsp;&nbsp;&nbsp;allow-update { none; 
  };&nbsp;</FONT></SPAN></DIV>
  <DIV><SPAN class=476445116-11072002><FONT face=Arial color=#0000ff 
  size=2>};</FONT></SPAN></DIV></BLOCKQUOTE>
<DIV><SPAN class=476445116-11072002><FONT face=Arial color=#0000ff 
size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=476445116-11072002><FONT face=Arial color=#0000ff size=2>Then 
you should use the following to the global "options" 
declaration:</FONT></SPAN></DIV>
<DIV><SPAN class=476445116-11072002><FONT face=Arial color=#0000ff 
size=2></FONT></SPAN>&nbsp;</DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
  <DIV><SPAN class=476445116-11072002><FONT face=Arial color=#0000ff 
  size=2>maintain-ixfr-base yes;</FONT></SPAN></DIV></BLOCKQUOTE>
<DIV><SPAN class=476445116-11072002><FONT face=Arial color=#0000ff 
size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=476445116-11072002><FONT face=Arial color=#0000ff size=2>If 
you're running a version of BIND later than 8.2.3 (I don't think Sidewinder 
5.1.x does), you can limit the IXFR transaction log size with the additional 
global option:</FONT></SPAN></DIV>
<DIV><SPAN class=476445116-11072002><FONT face=Arial color=#0000ff 
size=2></FONT></SPAN>&nbsp;</DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
  <DIV><SPAN class=476445116-11072002><FONT face=Arial color=#0000ff 
  size=2>max-ixfr-log-size 1M;</FONT></SPAN></DIV></BLOCKQUOTE>
<DIV><SPAN class=476445116-11072002><FONT face=Arial color=#0000ff 
size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=476445116-11072002>If you 
haven't restricted BIND version queries (which you probably should), you can 
find out what version of BIND with the following query:</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN 
class=476445116-11072002></SPAN></FONT>&nbsp;</DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
  <DIV><FONT face=Arial color=#0000ff size=2><SPAN 
  class=476445116-11072002>nslookup -querytype=TXT -class=CHAOS version.bind 
  127.1.0.1</SPAN></FONT></DIV></BLOCKQUOTE>
<DIV><FONT face=Arial color=#0000ff size=2></FONT>&nbsp;</DIV>
<DIV><SPAN class=476445116-11072002><FONT face=Arial color=#0000ff 
size=2>Otherwise, you'll have to look through the actual BIND named executable 
for any version strings.&nbsp; That should be it.</FONT></SPAN></DIV>
<DIV><SPAN class=476445116-11072002><FONT face=Arial color=#0000ff 
size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=476445116-11072002><FONT face=Arial color=#0000ff size=2>SSgt 
Randy Blahut</FONT></SPAN></DIV>
<DIV><SPAN class=476445116-11072002><FONT face=Arial size=2><A 
href="mailto:randall.blahut@langley.af.mil">randall.blahut@langley.af.mil</A></FONT></SPAN></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma 
size=2>-----Original Message-----<BR><B>From:</B> sidewinder-admin@adeptech.com 
[mailto:sidewinder-admin@adeptech.com]<BR><B>Sent:</B> Thursday, July 11, 2002 
10:17 AM<BR><B>To:</B> sidewinder@adeptech.com<BR><B>Subject:</B> [Sidewinder] 
Setting up IXFR on Sidewinder<BR><BR></FONT></DIV><!-- Converted from text/rtf format -->
<P><FONT face="Times New Roman" size=2>Hi,<BR>I am a contractor working at a 
site where they are running Sidewinder 5.2.0.1. We would like to set up the 
internal DNS on the Sidewinder so that the firewall will request incremental 
zone file updates (IXFR) when it receives notification of a zone update from the 
internal DNS server. Does anyone know how I might configure the Sidewinder to do 
this?<BR><BR>Thanks in advance --- clay<BR></FONT></P>
<P><FONT face="Courier New" size=2>Clay Howe, MCSE, CCNP, MSEE</FONT> <BR><FONT 
face="Courier New" size=2>Senior Network Engineer</FONT> <BR><FONT 
face="Courier New" size=2>email Clayton.Howe@scott.af.mil</FONT> 
</P><BR></BODY></HTML>

_______________________________________________
Sidewinder mailing list
Sidewinder@adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic