I started reading up on Kirk's suggestions of the allow-*** settings. In the global options level I put
options {
        directory       "/etc/dns";
        allow-query-cache { any; };
        allow-query { any; };
        auth-nxdomain   yes;
};

and that definitely worked. By no means do I understand the paragraph below from the README. I need to mull over it for a while and determine where the options should go, whether globally or in a view, and whether "any" is the right setting.

Thanks for all the help.

--myron
=================================
Myron Kowalski
MoCoSIN Network/Systems Administrator
Moravian College
my...@cs.moravian.edu



On Apr 6, 2009, at 5:17 PM, Mark Andrews wrote:


        allow-recursion and allow-query-cache have different defaults.

From README

       New option "allow-query-cache".  This lets "allow-query"
       be used to specify the default zone access level rather
       than having to have every zone override the global value.
       "allow-query-cache" can be set at both the options and view
       levels.  If "allow-query-cache" is not set then "allow-recursion"
       is used if set, otherwise "allow-query" is used if set
       unless "recursion no;" is set in which case "none;" is used,
       otherwise the default (localhost; localnets;) is used.


        Mark

In message <cf090150-f1c9-45c7-a4dd-6a5e1c429...@cs.moravian.edu>, myron writes:

I gave the wrong view if that makes the difference. That was the
internal network.

view "external" {
 match-clients { any; };
 recursion no;

--myron



Begin forwarded message:

From: myron <kowal...@cs.moravian.edu>
Date: April 6, 2009 12:00:55 PM EDT
To: bind-users@lists.isc.org
Subject: ip forwarding DNS 9.6.0

I upgraded from 9.2.3.

I can't seem to do forwarding from a browser.

Everything works from 9.2.3. When I swap out to 9.6.0, from a command line I can do: nslookup; ping outside the domain; traceroute outside the domain.

From a web browser I can get out if I use the IP address. However, when I put in a canonical name I get an rcode 5.

There's a Barracuda spam firewall in the path. If I take it out, then everything works. There's really nothing to change on the Barracuda as far as DNS is concerned, other than pointing to a DNS server.

snoop on the wire:
9.6.0
barracuda -> ns     DNS C www22.verizon.com. Internet Addr ?
 ns -> barracuda DNS R  Error: 5(Refused)

9.2.3
barracuda -> ns     DNS C www22.verizon.com. Internet Addr ?
 ns -> barracuda DNS R www22.verizon.com. Internet CNAME www22.verizon.com.edgekey.net.

I glanced through the archives and found some suggestions about recursions to ip forwarding. I think the conf is set up correctly. At least, it works fine with 9.2.3.

Here's some of my named.conf edited.

acl mylab {
        10.0.0.0/8;
};
options {
        directory       "/etc/dns";
        auth-nxdomain   yes;
};
view "trusted" {
        match-clients { mylab; };
        recursion yes;
        zone "moravian.edu" in {
                type forward;
                forwarders { 10.22.5.32; 10.22.5.38; };
        };

Any help appreciated.

--myron



_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: mark_andr...@isc.org
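
The fallback chain in the README paragraph quoted in this thread, modelled as an added Python example (not BIND source code and not code from anyone in the thread). It assumes a view-level statement overrides the same statement in options {}, and it reads "recursion no;" as taking effect once neither allow-query-cache nor allow-recursion is set; the configurations are constructed from the excerpts posted above, and the "mylab"-scoped view is a hypothetical narrower alternative.

```python
# Added illustration of the README fallback chain; not BIND source code.
DEFAULT_ACL = "localhost; localnets;"


def setting(name, options, view):
    """Assumption: a view-level statement overrides the one in options {}."""
    return view.get(name, options.get(name))


def effective_allow_query_cache(options, view):
    """Return (acl, reason) for one view, following the README wording."""
    aqc = setting("allow-query-cache", options, view)
    if aqc is not None:
        return aqc, "allow-query-cache set explicitly"
    ar = setting("allow-recursion", options, view)
    if ar is not None:
        return ar, "falls back to allow-recursion"
    # Assumed reading: "recursion no;" is checked once both of the above are unset.
    if setting("recursion", options, view) == "no":
        return "none;", "recursion no; with no explicit cache ACL"
    aq = setting("allow-query", options, view)
    if aq is not None:
        return aq, "falls back to allow-query"
    return DEFAULT_ACL, "built-in default"


# Constructed from the thread's named.conf excerpts.
ORIGINAL_OPTIONS = {}  # first posting: no allow-* statements at all
FIXED_OPTIONS = {"allow-query-cache": "any;", "allow-query": "any;"}
TRUSTED = {"recursion": "yes"}
EXTERNAL = {"recursion": "no"}
# Hypothetical alternative: scope recursion and cache to the "mylab" acl.
TRUSTED_SCOPED = {"recursion": "yes", "allow-recursion": "mylab;"}


def report():
    cases = [
        ("original / trusted", ORIGINAL_OPTIONS, TRUSTED),
        ("original / external", ORIGINAL_OPTIONS, EXTERNAL),
        ("any; in options / trusted", FIXED_OPTIONS, TRUSTED),
        ("any; in options / external", FIXED_OPTIONS, EXTERNAL),
        ("mylab in view / trusted", ORIGINAL_OPTIONS, TRUSTED_SCOPED),
    ]
    return {label: effective_allow_query_cache(o, v) for label, o, v in cases}


if __name__ == "__main__":
    for label, (acl, why) in report().items():
        print(f"{label:28} -> {acl:24} ({why})")
```

In this model the global "any;" also becomes the cache ACL of the "external" view, while the view-level "mylab;" setting keeps cache access limited to the clients that view already matches.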
