It seems like you might also need "match-destinations" to be defined, at least that is how i interpret this: https://bind9.readthedocs.io/en/v9_18_9/reference.html#namedconf-statement-match-destinations
> On Dec 13, 2022, at 5:47 AM, 徐娅 <xuya2...@gmail.com> wrote: > > 25-Nov-2022 23:30:32.924 running on Linux x86_64 3.10.0-1127.el7.x86_64 #1 > SMP Tue Mar 31 23:36:51 UTC 2020 > 25-Nov-2022 23:30:32.924 built with '--prefix=/usr/local/bind-9.18.9' > '--enable-largefile' '--enable-epoll' '--enable-full-report' '--disable-doh' > '--enable-dnsrps-dl' '--enable-dnsrps' > 25-Nov-2022 23:30:32.924 running as: named -c named.conf -fg > 25-Nov-2022 23:30:32.924 compiled by GCC 4.8.5 20150623 (Red Hat 4.8.5-39) > 25-Nov-2022 23:30:32.924 compiled with OpenSSL version: OpenSSL 1.0.2k-fips > 26 Jan 2017 > 25-Nov-2022 23:30:32.924 linked to OpenSSL version: OpenSSL 1.0.2k-fips 26 > Jan 2017 > 25-Nov-2022 23:30:32.924 compiled with zlib version: 1.2.7 > 25-Nov-2022 23:30:32.924 linked to zlib version: 1.2.7 > 25-Nov-2022 23:30:32.924 ---------------------------------------------------- > 25-Nov-2022 23:30:32.924 BIND 9 is maintained by Internet Systems Consortium, > 25-Nov-2022 23:30:32.924 Inc. (ISC), a non-profit 501(c)(3) public-benefit > 25-Nov-2022 23:30:32.924 corporation. Support and training for BIND 9 are > 25-Nov-2022 23:30:32.924 available at https://www.isc.org/support > > > # cat named.conf > ... ... > ... ... > options { > listen-on port 353 { any; }; > listen-on-v6 port 353 { any; }; > directory "/root/edns/named"; > allow-query { any; }; > allow-recursion { any; }; > > empty-zones-enable no; > > pid-file "/root/edns/named/run/named.pid"; > > }; > > view "aaa" { > match-clients { 10.105.0.0/16 <http://10.105.0.0/16>; }; > zone "abc.com <http://abc.com/>" { > type master; > file "aaa/abc.com <http://abc.com/>"; > }; > }; > > view "bbb" { > match-clients { 10.106.0.0/26 <http://10.106.0.0/26>; }; > zone "abc.com <http://abc.com/>" { > type master; > file "bbb/abc.com <http://abc.com/>"; > }; > }; > > view "idc-default" { > match-clients { any; }; > zone "abc.com <http://abc.com/>" { > type master; > file "any/abc.com <http://abc.com/>"; > }; > }; > > # cat named/aaa/abc.com <http://abc.com/> > ... ... > www 600 IN TXT aaa > > # cat named/bbb/abc.com <http://abc.com/> > www 600 IN TXT bbb > > # cat named/ccc/abc.com <http://abc.com/> > www 600 IN TXT ccc > > # dig @127.0.0.1 <http://127.0.0.1/> -p 353 txt.abc.com <http://txt.abc.com/> > txt +subnet=10.105.2.2 > > ; <<>> DiG 9.18.9 <<>> @127.0.0.1 <http://127.0.0.1/> -p 353 txt.abc.com > <http://txt.abc.com/> txt +subnet=10.105.2.2 > ; (1 server found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7948 > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 1232 > ; COOKIE: 075abe1b7a9c177a010000006380ded9dc3ca0fc1bae43d4 (good) > ; CLIENT-SUBNET: 10.105.2.2/32/0 <http://10.105.2.2/32/0> > ;; QUESTION SECTION: > ;txt.abc.com <http://txt.abc.com/>. IN TXT > > ;; ANSWER SECTION: > txt.abc.com <http://txt.abc.com/>. 600 IN TXT "any" > > ;; Query time: 1 msec > ;; SERVER: 127.0.0.1#353(127.0.0.1) (UDP) > ;; WHEN: Fri Nov 25 23:27:21 CST 2022 > ;; MSG SIZE rcvd: 99 > > I expect +subnet=10.105.2.2, return aaa, but returned any > > # dig @127.0.0.1 <http://127.0.0.1/> -p 353 txt.abc.com <http://txt.abc.com/> > txt +subnet=10.105.2.2 > any > I expect +subnet=10.106.3.3, return bbb, but returned any > > # dig @127.0.0.1 <http://127.0.0.1/> -p 353 txt.abc.com <http://txt.abc.com/> > txt +subnet=10.106.3.3 > any > > How do I change named.conf? > > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users
signature.asc
Description: Message signed with OpenPGP
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
