Re: DNSSEC Validating Resolver and Views

2010-03-16 Thread Mark Andrews
In message <20100317041842.gb99...@rwpc12.mby.riverwillow.net.au>, John Marshall writes: > [queries log] > 17-Mar-2010 14:04:11.140 queries: client 172.25.24.18#42640: > view internal: query: 168.192.in-addr.arpa IN DS + (172.25.24.17) Named has fallen back to plain DNS talking to itself. I'll

Re: DNSSEC Validating Resolver and Views

2010-03-16 Thread John Marshall
On Wed, 17 Mar 2010, 11:11 +1100, Mark Andrews wrote: > In message <20100316234500.ga99...@rwpc12.mby.riverwillow.net.au>, John > Marshal > l writes: > > > In message , John > > > Marsh > > all > > > writes: > > > > If I grant the guest clients access to the internal view, all is well. > > > > T

Re: DNSSEC Validating Resolver and Views

2010-03-16 Thread Mark Andrews
Mark Andrews writes: > > In message <20100316234500.ga99...@rwpc12.mby.riverwillow.net.au>, John Marsh > al > l writes: > > On Wed, 17 Mar 2010, 09:03 +1100, Mark Andrews wrote: > > > In message , John Mar > sh > > all > > > writes: > > > > I don't understand this. If the client needs an answer

Re: DNSSEC Validating Resolver and Views

2010-03-16 Thread Mark Andrews
In message <20100316234500.ga99...@rwpc12.mby.riverwillow.net.au>, John Marshal l writes: > On Wed, 17 Mar 2010, 09:03 +1100, Mark Andrews wrote: > > In message , John Marsh > all > > writes: > > > I don't understand this. If the client needs an answer from > > > 25.168.192.in-addr.arpa. and we

Re: DNSSEC Validating Resolver and Views

2010-03-16 Thread John Marshall
On Wed, 17 Mar 2010, 09:03 +1100, Mark Andrews wrote: > In message , John > Marshall > writes: > > I don't understand this. If the client needs an answer from > > 25.168.192.in-addr.arpa. and we are hosting that zone and its parent > > zone (both unsigned, both in our internal view), why are we

Re: DNSSEC Validating Resolver and Views

2010-03-16 Thread Mark Andrews
In message , John Marshall writes: > On Tue, 16 Mar 2010 08:14:40 + (UTC), John Marshall wrote: > > > > Client: 192.168.25.71 is querying the PTR record for its own address. > > Server: 172.25.24.16 is querying itself for the DS record for the > > parent of the zone which the client is qu

Re: DNSSEC Validating Resolver and Views

2010-03-16 Thread John Marshall
On Tue, 16 Mar 2010 08:14:40 + (UTC), John Marshall wrote: > > Client: 192.168.25.71 is querying the PTR record for its own address. > Server: 172.25.24.16 is querying itself for the DS record for the > parent of the zone which the client is querying (Why?). > There is no DS recor