Okan Bostan <bosta...@itu.edu.tr> wrote:
Hello List,
We are planning to migrate to BIND DNS; I'm a bit of a newbie.
In our design we have two views; int and ext.
As internal view, recursion is on and we have our internal zones & forwarders.
I have no problem with internal view.
In external view, recursion is no. Also have some zones. In testing external
view, I can query the records in zones, that's not a problem also.
But when I try to query, for example www.google.com, it
returns the root servers records by dig.
;; QUESTION SECTION:
;ww. IN A
;; AUTHORITY SECTION:
. 518400 IN NS D.ROOT-SERVERS.NET.
. 518400 IN NS M.ROOT-SERVERS.NET.
. 518400 IN NS C.ROOT-SERVERS.NET.
. 518400 IN NS J.ROOT-SERVERS.NET.
. 518400 IN NS G.ROOT-SERVERS.NET.
. 518400 IN NS H.ROOT-SERVERS.NET.
. 518400 IN NS I.ROOT-SERVERS.NET.
. 518400 IN NS L.ROOT-SERVERS.NET.
. 518400 IN NS F.ROOT-SERVERS.NET.
. 518400 IN NS K.ROOT-SERVERS.NET.
. 518400 IN NS A.ROOT-SERVERS.NET.
. 518400 IN NS B.ROOT-SERVERS.NET.
. 518400 IN NS E.ROOT-SERVERS.NET.
And status: NOERROR
also in nslookup:
Name:www.google.com
Served by:
- E.ROOT-SERVERS.NET
- F.ROOT-SERVERS.NET
- J.ROOT-SERVERS.NET
- G.ROOT-SERVERS.NET
- D.ROOT-SERVERS.NET
- C.ROOT-SERVERS.NET
- A.ROOT-SERVERS.NET
But in our existing DNS environment, I get status: SERVFAIL to same query.
Is this a normal behaviour? How can I disable this Authority section with root
server NS records?
My external view:
view "EXTERNAL" {
    match-clients { "any"; };
    allow-query-on { ext_ip; };
    recursion no;
    allow-recursion { none; };
    # Include SLAVE zones
    include "slave.zones";
    # Include REVERSE zones
    include "reverse.zones";
}; // view EXTERNAL
Regards,
Okan.
Something got lost in "translation".
> But when I try to query, for example
> www.google.com
Did you really type "dig www.google.com"?
> ;; QUESTION SECTION:
> ;ww. IN A
According to dig, you queried "ww.".
And the output of dig is correct - there is no DNS entry
with that name, and the authority section contains the
root servers, as it is those servers which would have
contained the zone, had it existed.
You did not give us the unedited output of "dig".
--Barry Finkel
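
The check described in the reply above (read the QUESTION SECTION to see which name was really asked, then look at what the AUTHORITY SECTION holds), as an added example that is not part of either message. The dig output in it is a constructed sample in dig's format, and the function names `parse_dig` and `diagnose` are hypothetical.

```python
import re

# Constructed sample in dig's output format (not the poster's unedited output).
SAMPLE_DIG = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;ww.                            IN      A

;; AUTHORITY SECTION:
.                       518400  IN      NS      A.ROOT-SERVERS.NET.
.                       518400  IN      NS      B.ROOT-SERVERS.NET.
"""

def parse_dig(text):
    """Return status, question name and answer/authority records from dig output."""
    result = {"status": None, "qname": None, "answer": [], "authority": []}
    section = None
    for line in text.splitlines():
        m = re.search(r"status: (\w+)", line)
        if line.startswith(";; ->>HEADER<<-") and m:
            result["status"] = m.group(1)
        elif line.startswith(";; ") and line.endswith("SECTION:"):
            section = line[3:].split()[0].lower()
        elif section == "question" and line.startswith(";") and result["qname"] is None:
            # The question line is commented out with a single ';'
            result["qname"] = line[1:].split()[0].lower()
        elif section in ("answer", "authority") and line and not line.startswith(";"):
            owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
            result[section].append((owner.lower(), rtype, rdata))
    return result

def diagnose(text, intended):
    """Compare the name asked with the name meant, and spot a root referral."""
    r = parse_dig(text)
    want = intended.lower().rstrip(".") + "."
    findings = []
    if r["qname"] != want:
        findings.append(f"question was {r['qname']!r}, not {want!r}")
    root_ns = [rec for rec in r["authority"] if rec[0] == "." and rec[1] == "NS"]
    if r["status"] == "NOERROR" and not r["answer"] and root_ns:
        findings.append("referral to the root servers, no answer data")
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_DIG, "www.google.com"):
        print(finding)
```
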