Dear All, I have a problem when trying to use the "view" statement in my named.conf; please see the attached file and my query log below:
# tail -f /var/log/named/query.log
27-Sep-2010 02:54:49.738 security: info: client 127.0.0.1#48295: view mynetwork: query (cache) 'yahoo.com/A/IN' denied
27-Sep-2010 02:59:58.323 security: info: client 127.0.0.1#58482: view mynetwork: query (cache) 'yahoo.com/A/IN' denied
27-Sep-2010 03:00:02.233 security: info: client 127.0.0.1#37472: view mynetwork: query (cache) 'yahoo.co.uk/A/IN' denied
27-Sep-2010 03:03:14.227 security: info: client 127.0.0.1#42151: view mynetwork: query (cache) 'yahoo.com/A/IN' denied
27-Sep-2010 03:03:44.490 security: info: client 127.0.0.1#40996: view mynetwork: query (cache) 'telkom.net/A/IN' denied

I've searched but I can't solve this problem. I'm using BIND 9.7.1.p2 on CentOS 5.5 64-bit.

Thank you.
--
Best regards, David http://blog.pnyet.web.id
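# named.conf: split-view name server.
#   view "mynetwork" - clients in acl "trusted" (internal ranges + localhost)
#   view "internet"  - everyone else, authoritative zones only
#   view "chaos"     - CHAOS-class "bind" zone
#
# Views are tried in the order they appear and a client is served by the
# first view whose match-clients accepts it, so 127.0.0.1 and the internal
# ranges always land in "mynetwork".
#
# Change from the posted file: "mynetwork" was posted with "recursion no;"
# and no zones. With recursion off, a view also refuses to answer from its
# cache, which is what the "query (cache) '...' denied" lines report.
# Recursion is now enabled in that view only and limited to acl "trusted".

acl "trusted" {
    10.100.112.0/24;
    10.100.113.0/24;
    10.100.114.0/24;
    10.100.115.0/24;
    10.100.116.0/24;
    10.100.117.0/24;
    10.100.118.0/24;
    10.100.119.0/24;
    10.100.120.0/24;
    10.100.121.0/24;
    10.100.122.0/24;
    10.100.123.0/24;
    10.100.124.0/24;
    10.100.125.0/24;
    10.100.126.0/24;
    10.100.127.0/24;
    202.91.10.0/24;
    203.92.13.0/24;
    localhost;
};

# NOTE(review): this acl feeds "blackhole" below. blackhole drops queries
# from these addresses and also stops named from sending queries to them,
# so any prefix here that has since been assigned becomes unreachable for
# resolution. Hand-maintained lists of unallocated /8s go stale; review
# this list against current registry assignments before relying on it.
acl "bogon" {
    0.0.0.0/8;
    1.0.0.0/8;
    2.0.0.0/8;
    5.0.0.0/8;
    7.0.0.0/8;
    23.0.0.0/8;
    27.0.0.0/8;
    31.0.0.0/8;
    36.0.0.0/8;
    37.0.0.0/8;
    39.0.0.0/8;
    42.0.0.0/8;
    49.0.0.0/8;
    50.0.0.0/8;
    77.0.0.0/8;
    79.0.0.0/8;
    92.0.0.0/8;
    94.0.0.0/8;
    95.0.0.0/8;
    96.0.0.0/8;
    99.0.0.0/8;
    100.0.0.0/8;
    101.0.0.0/8;
    102.0.0.0/8;
    103.0.0.0/8;
    104.0.0.0/8;
    105.0.0.0/8;
    106.0.0.0/8;
    107.0.0.0/8;
    108.0.0.0/8;
    113.0.0.0/8;
    128.138.129.98/32;
    169.254.0.0/16;
    172.16.0.0/12;
    173.0.0.0/8;
    175.0.0.0/8;
    176.0.0.0/8;
    177.0.0.0/8;
    178.0.0.0/8;
    179.0.0.0/8;
    183.0.0.0/8;
    184.0.0.0/8;
    185.0.0.0/8;
    186.0.0.0/8;
    187.0.0.0/8;
    192.0.2.0/24;
    197.0.0.0/8;
    224.0.0.0/3;
};

logging {
    # NOTE(review): "lame-servers" is routed twice in this block (null here,
    # audit_log near the end). Keep only the one that is intended.
    category lame-servers { null; };
    category edns-disabled { null; };

    # NOTE(review): two channels share the name "named_log" (syslog below,
    # file after it). If both destinations are wanted, give the syslog
    # channel its own name and list it in the categories that should use it.
    channel named_log {
        syslog local2;
        severity debug;
    };
    channel named_log {
        file "logs/named.log" versions 3 size 50m;
        severity debug;
        print-severity yes;
        print-time yes;
        print-category yes;
    };

    # Receives the "security" category, i.e. the denied-query messages.
    channel audit_log {
        file "logs/audit.log" versions 3 size 50m;
        severity debug;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    channel xfer_log {
        file "logs/xfer.log" versions 3 size 50m;
        severity debug;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    channel queries_log {
        file "logs/query.log" versions 3 size 50m;
        severity debug;
        print-severity yes;
        print-time yes;
        print-category yes;
    };

    category default { named_log; };
    category general { named_log; };
    category security { audit_log; };
    category config { named_log; };
    category resolver { audit_log; };
    category xfer-in { xfer_log; };
    category xfer-out { xfer_log; };
    category notify { audit_log; };
    category client { audit_log; };
    category network { audit_log; };
    category update { audit_log; };
    category queries { queries_log; };
    category lame-servers { audit_log; };
};

options {
    directory "/var/named";

    # NOTE(review): acl "xfer" is referenced here and in the views but is not
    # defined anywhere in the posted file; it has to be declared (or pulled
    # in with an include) before zone transfers are limited as intended.
    allow-transfer { "xfer"; };

    pid-file "named.pid";
    listen-on port 53 { any; };
    statistics-file "named.stats";
    memstatistics-file "named.memstats";
    dump-file "named.dump";
    zone-statistics yes;
    notify no;
    transfer-format many-answers;
    max-transfer-time-in 100;
    interface-interval 0;

    # NOTE(review): this default is inherited by every view and zone that
    # does not set its own allow-query. View "internet" matches any client
    # but sets none, so outside clients are refused there as well - confirm
    # that is intended for the zones it serves.
    allow-query { "trusted"; };

    blackhole { bogon; };
};

# Internal clients. Recursion is enabled here and limited to acl "trusted",
# so the server resolves external names for its own networks without being
# usable as a resolver by anyone else. No hint zone is declared in this
# view; named falls back to its compiled-in root hints.
# NOTE(review): the authoritative zones are declared only in view "internet",
# so trusted clients do not get them from this view directly.
view "mynetwork" in {
    match-clients { "trusted"; };
    recursion yes;
    allow-recursion { "trusted"; };
    allow-transfer { "xfer"; };
    additional-from-auth yes;
    additional-from-cache yes;
};

# Everyone not matched above. Authoritative only: recursion stays off so the
# public side cannot be used as an open resolver.
view "internet" in {
    match-clients { any; };
    recursion no;
    allow-transfer { "xfer"; };
    additional-from-auth no;
    additional-from-cache no;

    zone "indigo.com" {
        type master;
        file "master/db.ind";
    };
    zone "kpt.com" {
        type master;
        file "master/db.kpt";
    };
    zone "116.10.100.in-addr.arpa" {
        type master;
        file "master/db.116";
    };
    zone "3.2.1.in-addr.arpa" {
        type master;
        file "master/db.1.2.3";
    };

    # Loopback address
    zone "localhost" {
        type master;
        file "master/db.localhost";
    };
    zone "0.0.127.in-addr.arpa" {
        type master;
        file "master/db.127.0.0";
    };

    # Special zones
    zone "255.in-addr.arpa" {
        type master;
        file "master/db.255";
    };
    zone "0.in-addr.arpa" {
        type master;
        file "master/db.0";
    };

    # Root zone
    zone "." {
        type hint;
        file "master/named.root";
    };
};

# CHAOS-class view: serves the "bind" zone to any client, no transfers.
view "chaos" chaos {
    match-clients { any; };
    recursion no;

    zone "." {
        type hint;
        file "/dev/null";
    };
    zone "bind" {
        type master;
        file "master/db.bind";
        allow-query { any; };
        allow-transfer { none; };
    };
};

# NOTE(review): a control-channel secret that has been posted to a public
# list should be treated as exposed - generate a new one (rndc-confgen) and
# keep it in a separate file readable only by the named user, pulled in with
# "include". hmac-md5 is a legacy algorithm; where the installed release
# accepts a stronger one for rndc keys (e.g. hmac-sha256), prefer it.
key "rndc-key" {
    algorithm hmac-md5;
    secret "83iasjUDH2vlgjXw==";
};

# rndc control channel: loopback only, authenticated with the key above.
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};

# End of named.conf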