In message <61d78605-0cb2-485e-aa75-a49ba3c45...@vallden.com>, Hans Vallden writes:
> Hello all,
> 
> I use the secure BIND template by Rob Thomas
> (http://www.cymru.com/Documents/secure-bind-template.html).
> I have had a peculiar problem with this template conf, which I have
> not been able to resolve. My problem is that some slave zones return  
> REFUSED when queried from the external view for ANY records while  
> others return the expected values. For example:
> 
> dig @194.86.83.21 ruoka.fi ANY
> 
> returns nothing, but when queried from master zone:
> 
> dig @194.86.83.27 ruoka.fi ANY
> 
> returns expected values.  Furthermore, a seemingly identical zone (see  
> complete zone configs below) for another domain returns expected  
> values from both servers:

What do you have in front of the nameserver?  Firewall? NAT?
Note the reply is to the wrong port.

00:15:38.593884 211.30.172.21.57914 > 194.86.83.21.53:  60775 ANY? ruoka.fi. (26)
00:15:38.935222 194.86.83.21.53 > 211.30.172.21.48599:  60775*- 5/0/0 SOA, NS ns2.kirnauskis.com., NS ns.kirnauskis.com., MX smtp.kirnauskis.com. 0, TXT v=spf1 ~all (167)


 
> dig @194.86.83.21 tri.fi ANY <- slave
> dig @194.86.83.27 tri.fi ANY <- master
> 
> I have so far figured out that changing the external view  
> configuration options 'additional-from-auth' and
> 'additional-from-cache' both to 'yes' will cure the problem. However, I don't see the
> logic and I take it that's not really a desirable cure either. :) My  
> BIND version is 9.4.3.
> 
> Cheers,
> 
> 
> $ORIGIN .
> $TTL 38400    ; 10 hours 40 minutes
> tri.fi                IN SOA  ns.kirnauskis.com. hostmaster.kirnauskis.com. (
>                               1146160445 ; serial
>                               10800      ; refresh (3 hours)
>                               3600       ; retry (1 hour)
>                               604800     ; expire (1 week)
>                               38400      ; minimum (10 hours 40 minutes)
>                               )
>                       NS      ns.kirnauskis.com.
>                       NS      ns2.kirnauskis.com.
>                       MX      0 smtp.kirnauskis.com.
>                       TXT     "v=spf1 mx ip4:194.86.83.27 ip4:194.86.83.28 ip4:194.86.83.30 ip4:194.86.83.31 ip4:194.86.83.32 -all"
> $ORIGIN tri.fi.
> www                   A       194.86.83.31
> 
> $ORIGIN .
> $TTL 38400    ; 10 hours 40 minutes
> ruoka.fi              IN SOA  ns.kirnauskis.com. hostmaster.kirnauskis.com. (
>                               2004090608 ; serial
>                               10800      ; refresh (3 hours)
>                               3600       ; retry (1 hour)
>                               432000     ; expire (5 days)
>                               38400      ; minimum (10 hours 40 minutes)
>                               )
>                       NS      ns.kirnauskis.com.
>                       NS      ns2.kirnauskis.com.
>                       MX      0 smtp.kirnauskis.com.
>                       TXT     "v=spf1 ~all"
> $ORIGIN ruoka.fi.
> www                   A       194.86.83.32
> 
> --
> Hans Vallden
> h...@vallden.com
> skype: hans.vallden
> 
> 
> 
> _______________________________________________
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: mark_andr...@isc.org
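
The check described in the reply above (a DNS answer sent to a port other than the one the query came from), as an added example that is not part of the original thread. It assumes the classic one-line tcpdump format shown in the message; `find_port_mismatches` is a hypothetical name, and the second pair of sample lines is constructed for contrast.

```python
import re

# Classic one-line tcpdump DNS output: "<time> <src>.<sport> > <dst>.<dport>: <id>[flags] ..."
PKT = re.compile(
    r"^\S+\s+(\d+(?:\.\d+){3})\.(\d+)\s+>\s+(\d+(?:\.\d+){3})\.(\d+):\s+(\d+)"
)

SAMPLE = [
    # The two packets quoted in the thread (wrapped lines rejoined).
    "00:15:38.593884 211.30.172.21.57914 > 194.86.83.21.53:  60775 ANY? ruoka.fi. (26)",
    "00:15:38.935222 194.86.83.21.53 > 211.30.172.21.48599:  60775*- 5/0/0 SOA, NS "
    "ns2.kirnauskis.com., NS ns.kirnauskis.com., MX smtp.kirnauskis.com. 0, TXT v=spf1 ~all (167)",
    # Constructed healthy pair for contrast (documentation addresses, not from the thread).
    "00:15:40.000000 192.0.2.10.40000 > 198.51.100.53.53:  1234+ A? example.com. (29)",
    "00:15:40.010000 198.51.100.53.53 > 192.0.2.10.40000:  1234 1/0/0 A 192.0.2.80 (45)",
]

def find_port_mismatches(lines):
    """Return replies whose destination port differs from the query's source port."""
    pending = {}   # (client_ip, server_ip, dns_id) -> source port the client used
    findings = []
    for raw in lines:
        m = PKT.match(raw.strip())
        if not m:
            continue  # line is not in the expected tcpdump format
        src, sport, dst, dport, dns_id = (
            m.group(1), int(m.group(2)), m.group(3), int(m.group(4)), int(m.group(5))
        )
        if dport == 53 and sport != 53:          # client -> server: remember the query
            pending[(src, dst, dns_id)] = sport
        elif sport == 53:                        # server -> client: compare with the query
            expected = pending.pop((dst, src, dns_id), None)
            if expected is not None and expected != dport:
                findings.append({"client": dst, "server": src, "dns_id": dns_id,
                                 "expected_port": expected, "actual_port": dport})
    return findings

if __name__ == "__main__":
    for f in find_port_mismatches(SAMPLE):
        print("{server} answered id {dns_id} to {client}:{actual_port}, "
              "query came from port {expected_port}".format(**f))
```

Run against a capture taken on the client side, a mismatch like the one for query id 60775 points at a device on the path rewriting ports, since the client only accepts the answer on the port it sent from.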