I've been aware of this problem since it first came up on this and nanog's list, but I'm having some configuration issues trying to make the upward referral be refused. I'm running bind-9.6.0P1, but I'm still seeing the NS queries being answered in the log:

11-Feb-2009 09:34:25.489 queries: client 195.68.176.4#53715: view external-in: query: . IN NS +
11-Feb-2009 09:35:04.525 queries: client 195.40.1.15#58313: view external-in: query: ox.com IN NS -EDC
11-Feb-2009 09:35:28.121 queries: client 195.68.176.4#48472: view external-in: query: . IN NS +
11-Feb-2009 09:35:44.138 queries: client 195.40.1.11#59164: view external-in: query: ox.com IN NS -EDC
11-Feb-2009 09:36:30.755 queries: client 195.68.176.4#39942: view external-in: query: . IN NS +
11-Feb-2009 09:37:33.388 queries: client 195.68.176.4#11158: view external-in: query: . IN NS +
11-Feb-2009 09:38:36.022 queries: client 195.68.176.4#16095: view external-in: query: . IN NS +

My config follows, any suggestion?

options {
    directory "/var/named";
    pid-file "/var/named/named.pid";
    statistics-file "/var/named/named.stats";
    memstatistics-file "/var/named/named.memstats";
    dump-file "/var/adm/named.dump";
    zone-statistics yes;
    notify no;
    transfer-format many-answers;
    max-transfer-time-in 60;
    interface-interval 0;
    recursion no;
    allow-transfer { xfer; };
    allow-query { none; };
    allow-recursion { none; };
    additional-from-auth no;
    additional-from-cache no;
};

view "internal-in" in {
    match-clients { trusted; };
    recursion yes;
    additional-from-auth yes;
    additional-from-cache yes;
    allow-query { trusted; };
    allow-recursion { trusted; };
    allow-query-cache { trusted; };

    zone "." in {
        type hint;
        file "db.cache";
    };

    zone "0.0.127.in-addr.arpa" in {
        type master;
        file "master/db.127.0.0";
        allow-query { any; };
        allow-transfer { none; };
    };

    zone "foo.com" in {
        type master;
        file "master/db.foo";
    };
    ...
    ...
    ...
};

view "external-in" in {
    match-clients { any; };
    recursion no;
    allow-transfer { xfer; };
    allow-query { none; };
    allow-recursion { none; };
    additional-from-auth no;
    additional-from-cache no;

    zone "." in {
        type hint;
        file "db.cache";
    };

    zone "foo.com" in {
        type master;
        file "master/db.foo";
        allow-query { any; };
    };
    ...
    ...
    ...
};

----
Matthew Huff       | One Manhattanville Rd
OTA Management LLC | Purchase, NY 10577
http://www.ox.com  | Phone: 914-460-4039
aim: matthewbhuff  | Fax:   914-460-4139
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
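
Added example, not part of the original message and not code from BIND: a small Python parser for query-log lines in the format quoted in the post, which counts the root NS queries (`. IN NS`) each client sent to one view and when they started and stopped. The sample lines are copied from the post; the function names and the `min_count` threshold are assumptions chosen for illustration.

```python
import re
from datetime import datetime

# Query-log lines copied from the post above.
SAMPLE_LOG = """\
11-Feb-2009 09:34:25.489 queries: client 195.68.176.4#53715: view external-in: query: . IN NS +
11-Feb-2009 09:35:04.525 queries: client 195.40.1.15#58313: view external-in: query: ox.com IN NS -EDC
11-Feb-2009 09:35:28.121 queries: client 195.68.176.4#48472: view external-in: query: . IN NS +
11-Feb-2009 09:35:44.138 queries: client 195.40.1.11#59164: view external-in: query: ox.com IN NS -EDC
11-Feb-2009 09:36:30.755 queries: client 195.68.176.4#39942: view external-in: query: . IN NS +
11-Feb-2009 09:37:33.388 queries: client 195.68.176.4#11158: view external-in: query: . IN NS +
11-Feb-2009 09:38:36.022 queries: client 195.68.176.4#16095: view external-in: query: . IN NS +
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) queries: "
    r"client (?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+): "
    r"(?:view (?P<view>\S+?): )?"  # the view label is absent when no views are configured
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+)"
)

def parse_line(line):
    """Return the fields of one query-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["when"] = datetime.strptime(rec["ts"], "%d-%b-%Y %H:%M:%S.%f")
    return rec

def root_ns_summary(log_text, view=None):
    """Per client: count, first and last time of '. NS' queries, optionally for one view."""
    out = {}
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        if view is not None and rec["view"] != view:
            continue
        if rec["qname"] != "." or rec["qtype"] != "NS":
            continue
        s = out.setdefault(rec["ip"], {"count": 0, "first": rec["when"], "last": rec["when"]})
        s["count"] += 1
        s["first"] = min(s["first"], rec["when"])
        s["last"] = max(s["last"], rec["when"])
    return out

def repeat_clients(log_text, min_count, view=None):
    """Clients with at least min_count root NS queries, busiest first."""
    summary = root_ns_summary(log_text, view)
    hits = [(ip, s["count"]) for ip, s in summary.items() if s["count"] >= min_count]
    return sorted(hits, key=lambda h: -h[1])
```

The `queries` log category records each query as named receives it, so these counts measure incoming volume per client and do not show what response was sent.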