These two views are identical in any way I can see, so the fault may be
in an included configuration file that is not included in your message.
Look for allow-query, allow-recursion or allow-cache statements in your
other config files.
When using views, I often find it more manageable to move such options
inside the view definition.
Mvh. / Regards
Bob
On 2011-07-25 16:24, Thomas Schweikle wrote:
Hi!
I have set up a view for one site. It is bound to change answers as
necessary for different IP-ranges. It works as far as I could see.
But with one IP range there is a problem ...
I can query internal addresses:
!user@kvm2~# host intweb.example.de
!web.example.de has address 192.168.180.46
But external ones do not work:
!user@kvm2:~# host google.com
!user@kvm2:~#
The host I am trying on has address 192.168.112.4 and I've set up my
view as:
!view "ex" {
! match-clients { 192.168.112.0/23; };
! recursion yes;
!
! include "/etc/named/master/rootns.conf";
! include "/etc/named/master/localhost.conf";
! include "/etc/named/master/empty.conf";
!
! zone "example.de." {
! type master;
! allow-transfer { key "mskey"; };
! notify no;
! file "/etc/named/zhz/fwd.example";
! };
! zone "112.168.192.in-addr.arpa." {
! type master;
! allow-transfer { key "mskey"; };
! notify no;
! file "/etc/named/zin/rev.192.168.1";
! };
!};
!view "in" {
! match-clients { 192.168.180.0/23; };
! recursion yes;
!
! include "/etc/named/master/rootns.conf";
! include "/etc/named/master/localhost.conf";
! include "/etc/named/master/empty.conf";
!
! zone "example.de." {
! type master;
! allow-transfer { key "mskey"; };
! notify no;
! file "/etc/named/zhz/fwd.example";
! };
! zone "112.168.192.in-addr.arpa." {
! type master;
! allow-transfer { key "mskey"; };
! notify no;
! file "/etc/named/zin/rev.192.168.1";
! };
!};
Any idea why the server resolves internal names, but no external
ones to view "ex", while it does answer internal and external names
to view "in"?
I've set up query logging, but this just tells me queries are
correctly processed, not why no answer was sent.
In the server logs I can watch queries from 192.168.180.0/23 tagged
with "in" and those from 192.168.112.0/23 with "ex". Addresses
defined by my server are served to both clients "in" and "ex".
Addresses from others like google.com are only served to clients
from "in", not to clients from "ex" (server answers NXDOMAIN).
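
Added example, not part of either message in this thread: a small Python scan that follows `include` statements, reports every `allow-query`, `allow-recursion` or `allow-query-cache` statement with the scope it sits in, and checks whether a given client address is admitted by it. The file names and contents are constructed for illustration; named ACLs, keys and `!` negation are reported as undecided rather than evaluated.

```python
import ipaddress
import re

ACL_OPTS = ("allow-query", "allow-recursion", "allow-query-cache")

FILES = {  # constructed sample files, not the poster's real configuration
    "named.conf": 'include "options.conf";\n'
                  'view "ex" { match-clients { 192.168.112.0/23; }; recursion yes; };\n'
                  'view "in" { match-clients { 192.168.180.0/23; }; allow-query { any; }; };\n',
    "options.conf": 'options { directory "/var/named";  // inherited by views\n'
                    '  allow-recursion { 127.0.0.1; 192.168.180.0/23; }; };\n',
}

def scan(name, files, stack=None, found=None):
    """Return (scope, option, elements, file) for each ACL option, following includes."""
    stack = [] if stack is None else stack
    found = [] if found is None else found
    text = re.sub(r"(//|#).*", "", files[name])      # drop line comments
    stmt = []
    for tok in re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text):
        if tok == "{":                                # open a block named by the words so far
            stack.append((" ".join(stmt), []))
            stmt = []
        elif tok == "}":
            label, items = stack.pop()
            if label in ACL_OPTS:
                found.append((stack[-1][0] if stack else "(top level)", label, items, name))
        elif tok == ";":
            if stmt and stmt[0] == "include":         # included text keeps the current scope
                scan(stmt[1].strip('"'), files, stack, found)
            elif stmt and stack:
                stack[-1][1].append(stmt[0])          # element of the enclosing block
            stmt = []
        else:
            stmt.append(tok)
    return found

def admits(elements, client):
    """True/False if the address list decides; None if it has elements not evaluated here."""
    ip, unknown = ipaddress.ip_address(client), False
    for item in elements:
        try:
            if item == "any" or ip in ipaddress.ip_network(item, strict=False):
                return True
        except ValueError:
            unknown = True    # named acl, key, "none" or "!" negation
    return None if unknown else False

for scope, opt, elements, src in scan("named.conf", FILES):
    print(f"{src}: {opt} in {scope}: admits 192.168.112.4 -> {admits(elements, '192.168.112.4')}")
```

On the constructed sample this flags the `allow-recursion` in the global `options` block, which both views inherit because neither sets its own.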