Hi Mark, Yes, bind work fine without allow-query statement in view. Here is my named.conf and view:
options { allow-query { "trusted"; }; }; view "mynetwork" in { match-clients {"trusted"; }; recursion yes; allow-transfer { "xfer"; }; additional-from-auth yes; additional-from-cache yes; view "internet" in { match-clients { any; }; recursion no; allow-transfer { "xfer"; }; additional-from-auth no; additional-from-cache no; Do you mean "allow-query" statement necessary need on view? -- Best regards, David http://blog.pnyet.web.id On 12/02/2010 12:04 PM, Mark Andrews wrote: > In message <4cf723ef.4050...@pnyet.web.id>, "David S." writes: > >> Dear All, >> >> My BIND is running on CentOS 5.5 64bit, I'm getting problem after >> upgrading from 9.7.2-P2 to 9.7.2-P3, see below to detail may upgrade >> process: >> 1. download bind >> 2. tar -zxvf bind.xxx >> 3. sudo ./configure --perfix=/usr/loca/named >> 4. sudo make >> 5. sudo make install >> >> Restart the bind service, and I found query denied from internet to my >> public domain. My Bind is configured using split dns and before upgrade >> bind service is very well. >> >> Anyone help me? >> > Perhaps a allow-query statement is now working which wasn't before? > > Mark > > 2969. [security] Fix acl type processing so that allow-query works > in options and view statements. Also add a new > set of tests to verify proper functioning. > > CVSS: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N) > CVE-2010-3615, VU#510208. [RT #22418] > > Mark > _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users