Note that the newer versions of querylog format include not only the
source address of the client, but also what view was *actually* matched
by the query. It should be useful to turn on the querylog for
troubleshooting this particular issue, if the volume of queries isn't so
huge that you'd run into capacity issues...
- Kevin
Jeff Lightner wrote:
It seems the mydomain.com isn’t in the view but presumably in one of
the includes.
So the most likely issues seem to be:
1) You have defined mydomain.com in more than one of the includes
which we can’t tell since you didn’t provide them.
–OR-
2) The client actually has an unexpected IP (that is you think they
are in the 10.x when they are actually in 192.x or vice-versa or they
don’t have an IP in either of the ranges you specified.
------------------------------------------------------------------------
*From:* bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] *On Behalf Of *Corey Shaw
*Sent:* Tuesday, June 09, 2009 1:56 PM
*To:* bind-users@lists.isc.org
*Subject:* Clients sometimes get wrong view
OS: Gentoo
Bind Version: 9.6.0-p1
I currently have my Bind server set up with 3 views. It seems that
every now and then I have clients in the "office" view that try to go
to www.mydomain.com (which should be a public address), but instead
they get the internal address that is defined in the "datacenter" view
(10.x.x.x). As a result, they can't get to www.mydomain.com. My views
are configured as shown below (yes, all the include files exist and
load properly). They are ordered in my configuration as shown below as
well. Any ideas on why this may be happening?
view "datacenter" {
match-clients { 10.x.x.0/24; };
recursion yes;
include "/etc/bind/includes/datacenterincludes.conf";
allow-recursion { 10.x.x.0/24; };
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "pri/localhost.zone";
allow-update { none; };
notify no;
};
zone "127.in-addr.arpa" IN {
type master;
file "pri/127.zone";
allow-update { none; };
notify no;
};
};
view "office" {
match-clients { 166.x.x.88/29; };
recursion yes;
include "/etc/bind/includes/officeincludes.conf";
allow-recursion { 166.x.x.88/29; };
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "pri/localhost.zone";
allow-update { none; };
notify no;
};
zone "127.in-addr.arpa" IN {
type master;
file "pri/127.zone";
allow-update { none; };
notify no;
};
};
view "public" {
match-clients { any; };
recursion no;
include "/etc/bind/includes/publicincludes.conf";
allow-recursion { none; };
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "pri/localhost.zone";
allow-update { none; };
notify no;
};
zone "127.in-addr.arpa" IN {
type master;
file "pri/127.zone";
allow-update { none; };
notify no;
};
};
_____________________
Corey Shaw
/Please consider our environment before printing this e-mail or
attachments./
----------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or
confidential information and is for the sole use of the intended
recipient(s). If you are not the intended recipient, any disclosure,
copying, distribution, or use of the contents of this information is
prohibited and may be unlawful. If you have received this electronic
transmission in error, please reply immediately to the sender that you
have received the message in error, and delete it. Thank you.
----------------------------------
------------------------------------------------------------------------
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
