Dear All,
I had a problem when trying to use the "view" class in my named.conf; please
see the attached file and my query log below:
# tail -f /var/log/named/query.log
27-Sep-2010 02:54:49.738 security: info: client 127.0.0.1#48295: view
mynetwork: query (cache) 'yahoo.com/A/IN' denied
27-Sep-2010 02:59:58.323 security: info: client 127.0.0.1#58482: view
mynetwork: query (cache) 'yahoo.com/A/IN' denied
27-Sep-2010 03:00:02.233 security: info: client 127.0.0.1#37472: view
mynetwork: query (cache) 'yahoo.co.uk/A/IN' denied
27-Sep-2010 03:03:14.227 security: info: client 127.0.0.1#42151: view
mynetwork: query (cache) 'yahoo.com/A/IN' denied
27-Sep-2010 03:03:44.490 security: info: client 127.0.0.1#40996: view
mynetwork: query (cache) 'telkom.net/A/IN' denied
I've been searching but I can't solve this problem. I'm using BIND 9.7.1.p2
on CentOS 5.5 64-bit.
Thank You....
--
-
--
Best regards,
David
http://blog.pnyet.web.id
# ACL "trusted": the address-match list that options { allow-query } and
# view "mynetwork" { match-clients } both refer to.
acl "trusted" {
# Sixteen consecutive /24s, 10.100.112.0 through 10.100.127.0 (RFC 1918 space).
10.100.112.0/24;
10.100.113.0/24;
10.100.114.0/24;
10.100.115.0/24;
10.100.116.0/24;
10.100.117.0/24;
10.100.118.0/24;
10.100.119.0/24;
10.100.120.0/24;
10.100.121.0/24;
10.100.122.0/24;
10.100.123.0/24;
10.100.124.0/24;
10.100.125.0/24;
10.100.126.0/24;
10.100.127.0/24;
# Two public /24s; everything granted to "trusted" applies to them as well.
202.91.10.0/24;
203.92.13.0/24;
# Built-in ACL covering the server's own addresses, so a query from 127.0.0.1
# counts as "trusted" and is matched by view "mynetwork".
localhost;
};
# ACL "bogon": referenced by options { blackhole }, so named neither answers
# queries from these addresses nor uses them when resolving.
# NOTE(review): a hand-maintained list of "unallocated" /8s goes stale as IANA
# assigns address space. Many of the /8s below (1/8, 2/8, 5/8, 23/8 and others)
# have since been allocated, and blackholing them silently drops legitimate
# clients and servers. Re-check every entry against the current IANA registry,
# or keep only the special-purpose ranges.
acl "bogon" {
0.0.0.0/8;
1.0.0.0/8;
2.0.0.0/8;
5.0.0.0/8;
7.0.0.0/8;
23.0.0.0/8;
27.0.0.0/8;
31.0.0.0/8;
36.0.0.0/8;
37.0.0.0/8;
39.0.0.0/8;
42.0.0.0/8;
49.0.0.0/8;
50.0.0.0/8;
77.0.0.0/8;
79.0.0.0/8;
92.0.0.0/8;
94.0.0.0/8;
95.0.0.0/8;
96.0.0.0/8;
99.0.0.0/8;
100.0.0.0/8;
101.0.0.0/8;
102.0.0.0/8;
103.0.0.0/8;
104.0.0.0/8;
105.0.0.0/8;
106.0.0.0/8;
107.0.0.0/8;
108.0.0.0/8;
113.0.0.0/8;
# Single host entry; its purpose is not evident from this file - confirm it is
# still wanted.
128.138.129.98/32;
# Link-local (169.254/16) and RFC 1918 (172.16/12) space.
169.254.0.0/16;
172.16.0.0/12;
173.0.0.0/8;
175.0.0.0/8;
176.0.0.0/8;
177.0.0.0/8;
178.0.0.0/8;
179.0.0.0/8;
183.0.0.0/8;
184.0.0.0/8;
185.0.0.0/8;
186.0.0.0/8;
187.0.0.0/8;
# Documentation prefix (TEST-NET-1).
192.0.2.0/24;
197.0.0.0/8;
# 224.0.0.0/3 spans 224.0.0.0-255.255.255.255: multicast plus reserved space.
224.0.0.0/3;
};
# Logging: defines the output channels and routes message categories to them.
# Relative file names are resolved against options { directory }, which is
# "/var/named" in this file.
logging {
# Discard these two noisy categories.
category lame-servers { null; };
category edns-disabled { null; };
# NOTE(review): "named_log" is defined twice, first as a syslog channel and
# then as a file channel. Give the two channels distinct names and run
# named-checkconf to confirm how this version treats the duplicate.
channel named_log {
syslog local2;
severity debug;
};
channel named_log {
file "logs/named.log" versions 3 size 50m;
severity debug;
print-severity yes;
print-time yes;
print-category yes;
};
# Receives the security, resolver, notify, client, network and update
# categories (see the category lines below). The "security" category is where
# the "query (cache) ... denied" messages are emitted.
channel audit_log {
file "logs/audit.log" versions 3 size 50m;
severity debug;
print-severity yes;
print-time yes;
print-category yes;
};
# Zone transfer activity, inbound and outbound.
channel xfer_log {
file "logs/xfer.log" versions 3 size 50m;
severity debug;
print-severity yes;
print-time yes;
print-category yes;
};
# Per-query log; each file is capped at 50m with 3 rotated versions kept.
channel queries_log {
file "logs/query.log" versions 3 size 50m;
severity debug;
print-severity yes;
print-time yes;
print-category yes;
};
category default { named_log; };
category general { named_log; };
category security { audit_log; };
category config { named_log; };
category resolver { audit_log; };
category xfer-in { xfer_log; };
category xfer-out { xfer_log; };
category notify { audit_log; };
category client { audit_log; };
category network { audit_log; };
category update { audit_log; };
category queries { queries_log; };
# NOTE(review): lame-servers was already sent to null at the top of this
# block; the two assignments conflict. Keep only one of them.
category lame-servers { audit_log; };
};
# Global options; views and zones inherit these unless they override them.
options {
directory "/var/named";
# NOTE(review): "xfer" is not defined anywhere in the configuration shown here.
# Presumably it is an acl defined elsewhere - confirm, and make sure it lists
# only the secondaries that need zone transfers.
allow-transfer { "xfer"; };
pid-file "named.pid";
# Listens on every interface; access is then limited by the ACLs below.
listen-on port 53 { any; };
statistics-file "named.stats";
memstatistics-file "named.memstats";
dump-file "named.dump";
zone-statistics yes;
notify no;
transfer-format many-answers;
# Abort inbound zone transfers that run longer than 100 minutes.
max-transfer-time-in 100;
# 0 disables the periodic rescan of network interfaces.
interface-interval 0;
# NOTE(review): this applies to every view and zone that does not set its own
# allow-query. View "internet" matches any client but does not override it, so
# clients outside "trusted" will be refused for the master zones defined there.
allow-query { "trusted"; };
# Drop all traffic to and from the addresses in acl "bogon".
blackhole { bogon; };
};
# View for clients in acl "trusted". Views are tried in the order they appear
# and a client is served by the first one whose match-clients matches, so
# 127.0.0.1 (part of "trusted" through the built-in "localhost" ACL) always
# lands here - which is why the log lines read "view mynetwork".
#
# NOTE(review): this view contains no zones and no root hints, and recursion is
# switched off. With "recursion no" and neither allow-recursion nor
# allow-query-cache set, allow-query-cache defaults to none, so every lookup
# that would have to come from the cache is logged as "query (cache) ... denied".
# If trusted clients are meant to resolve external names through this view, it
# needs recursion enabled together with an allow-recursion restricted to
# "trusted" (so the server does not become an open resolver) and a hint zone
# for "."; the internal zones must also be declared inside this view if these
# clients should see them.
view "mynetwork" in {
match-clients {"trusted"; };
recursion no;
allow-transfer { "xfer"; };
additional-from-auth yes;
additional-from-cache yes;
};
# Authoritative-only view for every client that did not match an earlier view.
# NOTE(review): clients in "trusted" never reach this view because "mynetwork"
# matches them first, so they cannot query the zones below. All remaining
# clients are still subject to the global allow-query { "trusted"; } unless it
# is overridden here or per zone. Confirm that both effects are intended.
view "internet" in {
match-clients { any; };
# No recursion for arbitrary Internet clients, and no additional-section data
# taken from the cache or from other authoritative zones.
recursion no;
allow-transfer { "xfer"; };
additional-from-auth no;
additional-from-cache no;
# Forward zones served as master.
zone "indigo.com" {
type master;
file "master/db.ind";
};
zone "kpt.com" {
type master;
file "master/db.kpt";
};
# Reverse zone for 10.100.116.0/24.
zone "116.10.100.in-addr.arpa" {
type master;
file "master/db.116";
};
# Reverse zone for 1.2.3.0/24.
zone "3.2.1.in-addr.arpa" {
type master;
file "master/db.1.2.3";
};
# Loopback address
zone "localhost" {
type master;
file "master/db.localhost";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "master/db.127.0.0";
};
# Special zones
zone "255.in-addr.arpa" {
type master;
file "master/db.255";
};
zone "0.in-addr.arpa" {
type master;
file "master/db.0";
};
# Root zone
# Root hints are used when the server itself resolves names; with recursion
# disabled in this view they are presumably unused - confirm.
zone "." {
type hint;
file "master/named.root";
};
};
# View for CHAOS-class queries from any client; no recursion.
view "chaos" chaos {
match-clients { any; };
recursion no;
# Empty hint file: there are no root servers to consult for class CHAOS.
zone "." {
type hint;
file "/dev/null";
};
# The "bind" zone is served to everyone (this overrides the global allow-query)
# and is never transferred.
# NOTE(review): the records in master/db.bind decide what a remote client
# learns from queries such as version.bind - check that the file does not
# disclose the real software version.
zone "bind" {
type master;
file "master/db.bind";
allow-query { any; };
allow-transfer { none;};
};
};
# Shared secret that authenticates rndc on the control channel (see "controls").
# NOTE(review): this secret was posted to a public mailing list, so it must be
# treated as disclosed. Generate a fresh key with rndc-confgen and keep the
# file holding it readable only by the account named runs as. The value shown
# does not look like well-formed base64, so it may already have been altered
# before posting - confirm.
# NOTE(review): hmac-md5 is a legacy choice; later BIND releases accept
# HMAC-SHA algorithms for rndc keys. Check what the installed version supports.
key "rndc-key" {
algorithm hmac-md5;
secret "83iasjUDH2vlgjXw==";
};
# rndc control channel: bound to the loopback address on port 953, accepts
# connections only from 127.0.0.1, and requires the "rndc-key" secret.
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf