Dear All,

I have a strange behaviour which I can't explain, so I am asking for help.
In my named.conf I have two views. One view is called "intern" (German for 
"internal") and the other is called "fueralle" (German for "for everyone").
In the internal view I have a response-policy with two zones, a "drop" zone and 
a "passthru" zone where I rewrite some IP addresses for internal use. The 
"match-clients" definition is defined with "lokal", which is the local IPv4 
address range 192.168.0.0/16 and the public IPv6 address but no loopback, 
either IPv6 or IPv4.
The "for everyone" zone has everything else. It has the domain name as master 
and some others as slave and also "168.192.IN-ADDR.ARPA"; match-clients is 
defined with "any".
The server is physically located in network 192.168.0.0, is reachable from the 
world via NAT, and also has a publicly available IPv6 address.

Now the behaviour is the following: When I query from the local IPv6 or IPv4 
network with "dig -x" for an IP address I get back "status: NXDOMAIN".
But when I do the same on the server itself using the loopback addresses for 
IPv6 or IPv4 it works fine. It also works if the query comes from the Internet 
over IPv4 with NAT or with the public IPv6 address. If I query "normal 
forward" for an IP with a given name then it works in any case and from every 
location. This is interesting because the reverse lookup zone and the normal 
forward zone are both in the same view "fueralle".

If I remove the views it works as I would expect.

I am using BIND 9.16.16 (Stable Release) <id:0c314d8> running on Linux x86_64 
4.19.0-16-amd64

Any help is welcome.


Kind regards
Hans

--

Ing. Dipl.-Ing. Hans Mayer
Systems Analyst
Network Unix Security Team (NUST)
Information and Communication Technologies (ICT)

International Institute for Applied Systems Analysis (IIASA)
Schlossplatz 1
A-2361 Laxenburg, Austria
Phone: +43 2236 807 Ext 215
Mobile: +43 676 83 807 215
Web: http://www.iiasa.ac.at
E-Mail: hans.ma...@iiasa.at

Note: If there is a disclaimer or other legal boilerplate in the above message, 
it is NULL AND VOID.  You may ignore it.
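
BIND answers each query from the first view whose match-clients ACL matches the source address, and a zone is visible only inside the view that defines it. The following added example (not part of the original message) models the two views described above and reports which view each client lands in and whether that view defines a zone covering the reverse name; the IPv6 prefix, zone names and client addresses are constructed placeholders.

```python
import ipaddress

# Constructed model of the setup in the message. The IPv6 prefix and the
# zone names are placeholders, not the poster's real values.
ACLS = {
    "lokal": ["192.168.0.0/16", "2001:db8:1::/64"],
    "any": ["0.0.0.0/0", "::/0"],
}
# Views in named.conf order: (name, match-clients ACL, zones defined in the view)
VIEWS = [
    ("intern", "lokal", {"rpz-drop.", "rpz-passthru."}),
    ("fueralle", "any", {"example.org.", "168.192.in-addr.arpa."}),
]

def reverse_name(addr):
    """Name that `dig -x addr` asks for, as a fully qualified name."""
    return ipaddress.ip_address(addr).reverse_pointer + "."

def select_view(client):
    """Return the first view whose match-clients ACL contains the client."""
    ip = ipaddress.ip_address(client)
    for name, acl, zones in VIEWS:
        nets = [ipaddress.ip_network(n) for n in ACLS[acl]]
        if any(ip.version == n.version and ip in n for n in nets):
            return name, zones
    return None, set()

def zone_for(client, qname):
    """Return (view, closest enclosing zone defined in that view or None)."""
    view, zones = select_view(client)
    labels = qname.lower().split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return view, candidate
    return view, None

if __name__ == "__main__":
    qname = reverse_name("192.168.1.10")
    for client in ["192.168.1.20", "2001:db8:1::5", "127.0.0.1", "::1", "203.0.113.5"]:
        view, zone = zone_for(client, qname)
        print(f"{client:15} view={view:9} zone={zone}")
```

Clients matched by "lokal" are served entirely from "intern" and never reach the zones defined in "fueralle"; loopback and Internet sources fall through to "fueralle".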





On 01.06.2021, at 17:31, Anand Buddhdev <ana...@ripe.net> wrote:

On 01/06/2021 17:18, Cuttler, Brian R (HEALTH) via bind-users wrote:

Hi Brian,

From what I'm reading I should be sending a notify from the primary
to the secondary when a dynamic zone is updated but I don't seem to be
doing that.

Would someone please point me to the option I'm missing to do so?
I've either completely missed it, mis-understood what I read or am going in
the wrong direction.

You need an "also-notify" option for that zone. Read more about this in
the BIND documentation:

https://bind9.readthedocs.io/en/v9_16_16/reference.html#zone-transfers

While this documentation refers to the latest stable version of BIND, it
should still apply to the older version you're using.

Regards,
Anand
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
