#1
Having Slaves DNS Servers answer requests
I am trying to follow the rules of securing our DNS down. We are hosting a couple of websites as well.
Apparently the tutorial that I used didn't help. We are running Bind V9.2.2. We have the Master up and running, correctly responding to queries, but our Slave isn't accepting queries for the domains that we actually host. The slave is, however, accepting queries outside of our domain for our internal network, like it should. Another question is whether we need to specify somewhere in the master config file that the Slave server needs to answer DNS queries or not. OR does the slave server HAVE to use the master as the forwarder? I would think the slave answers queries independently of the master. Here is what I got in our config file.

    options {
        directory "/var/named/";
        // global defaults: only the listed hosts may transfer, query or recurse
        allow-transfer { ourmaster; localhost; };
        allow-query { ourmaster; anotherrandomserver; ourinternalnetworkserver; localhost; };
        allow-recursion { ourmaster; anotherrandomserver; ourinternalnetworkserver; localhost; };
    };

    zone "RandomDomainWeHost.com" {
        type slave;
        file "RandomDomainWeHost.com.zone";
        masters { ourmaster; };
        // per-zone override of the global allow-query
        allow-query { any; };
    };
#2
Howdy,
I am not sure about your ACL statements/definitions, but I am guessing you're only allowing a few clients access to query? (I am sure clients are trying to access your name server but are getting query refused.) I tend to create include files of IP networks I wish to ACL, then include them in named.conf at the top of the file. Then riddle the zones with who sees what! You are correct, the slave server does not need to use the master as forwarder. What I have done is point all our clients to a cache server ACL'd to internal nets only and allow-recursive to these clients. The server is also firewalled. I placed my external DNS servers outside the fw and set them to no recursive, allow query is any. That way I am only building cache on the cache server and not my slaves and master, who really should just give you answers instead of fetching them.
Last edited by dag-otto : October 13th, 2003 at 08:56 AM.
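
The split described in reply #2, sketched as an ACL include file plus the two server roles. This is an added example, not configuration posted by either participant; the ACL name, the include path and all addresses (RFC 5737 documentation ranges) are assumptions.

```conf
// ---- /etc/named.acl.conf : hypothetical include file, kept beside named.conf ----
acl "internal-nets" { 127.0.0.1; 192.0.2.0/24; };   // constructed internal range

// ---- named.conf on the internal cache server (behind the firewall) ----
include "/etc/named.acl.conf";        // ACLs pulled in at the top of the file
options {
    directory "/var/named/";
    recursion yes;
    allow-query     { internal-nets; };   // only internal clients may ask
    allow-recursion { internal-nets; };   // and only they get recursive answers
    allow-transfer  { none; };            // a cache has no zones to hand out
};

// ---- named.conf on an external authoritative slave (outside the firewall) ----
options {
    directory "/var/named/";
    recursion no;                   // answer from hosted zones only, build no cache
    allow-query    { any; };        // outside resolvers must reach the hosted zones
    allow-transfer { none; };       // this slave does not pass zones on
};

zone "RandomDomainWeHost.com" {
    type slave;
    file "RandomDomainWeHost.com.zone";
    masters { 203.0.113.10; };      // constructed master address; masters takes IPs, not acl names
};
```

Once each role is saved as its own named.conf, `named-checkconf` will catch syntax slips such as an unbalanced quote before the server is reloaded.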