Hi! I have set up a view for one site. It is bound to change answers as necessary for different IP-ranges. It works as far as I could see. But with one ip-range there is a problem ...
I can query internal addresses:
!user@kvm2~# host intweb.example.de
!intweb.example.de has address 192.168.180.46
But external ones do not work:
!user@kvm2:~# host google.com
!user@kvm2:~#
The host I am trying on has address 192.168.112.4 and I've set up my
view as:
!view "ex" {
! match-clients { 192.168.112.0/23; };
! recursion yes;
!
! include "/etc/named/master/rootns.conf";
! include "/etc/named/master/localhost.conf";
! include "/etc/named/master/empty.conf";
!
! zone "example.de." {
! type master;
! allow-transfer { key "mskey"; };
! notify no;
! file "/etc/named/zhz/fwd.example";
! };
! zone "mgm.example.de." {
! type master;
! allow-transfer { key "mskey"; };
! notify no;
! file "/etc/named/zin/fwd.example.mgm";
! };
!
! zone "1.168.192.in-addr.arpa." {
! type master;
! allow-transfer { key "mskey"; };
! notify no;
! file "/etc/named/zin/rev.192.168.1";
! };
! zone "112.168.192.in-addr.arpa." {
! type master;
! allow-transfer { key "mskey"; };
! notify no;
! file "/etc/named/zin/rev.192.168.112";
! };
! zone "113.168.192.in-addr.arpa." {
! type master;
! allow-transfer { key "mskey"; };
! notify no;
! file "/etc/named/zin/rev.192.168.113";
! };
! zone "180.168.192.in-addr.arpa." {
! type master;
! allow-transfer { key "mskey"; };
! notify no;
! file "/etc/named/zin/rev.192.168.180";
! };
! zone "181.168.192.in-addr.arpa." {
! type master;
! allow-transfer { key "mskey"; };
! notify no;
! file "/etc/named/zin/rev.192.168.181";
! };
!
! zone "hz.example.de." {
! type master;
! allow-transfer { key "mskey"; };
! file "/var/lib/named/fwd.example.hz";
! allow-update { key "examplekey"; };
! };
! zone "in.example.de." {
! type master;
! allow-transfer { key "mskey"; };
! file "/var/lib/named/fwd.example.in";
! allow-update { key "examplekey"; };
! };
! zone "no.example.de." {
! type master;
! allow-transfer { key "mskey"; };
! file "/var/lib/named/fwd.example.no";
! allow-update { key "examplekey"; };
! };
!
! zone "1.168.192.in-dyn.arpa." {
! type master;
! allow-transfer { key "mskey"; };
! file "/var/lib/named/rev.192.168.1";
! allow-update { key "examplekey"; };
! };
! zone "112.168.192.in-dyn.arpa." {
! type master;
! allow-transfer { key "mskey"; };
! file "/var/lib/named/rev.192.168.112";
! allow-update { key "examplekey"; };
! };
! zone "113.168.192.in-dyn.arpa." {
! type master;
! allow-transfer { key "mskey"; };
! file "/var/lib/named/rev.192.168.113";
! allow-update { key "examplekey"; };
! };
! zone "180.168.192.in-dyn.arpa." {
! type master;
! allow-transfer { key "mskey"; };
! file "/var/lib/named/rev.192.168.180";
! allow-update { key "examplekey"; };
! };
! zone "181.168.192.in-dyn.arpa." {
! type master;
! allow-transfer { key "mskey"; };
! file "/var/lib/named/rev.192.168.181";
! allow-update { key "examplekey"; };
! };
!};
Any idea why the server resolves internal names, but no external
ones to this view, while it does answer internal and external names
to an other view (same setup, only a different "view"-line)?
!view "no" {
! match-clients { 127.0.0.1/8; 192.168.180.0/23; };
! recursion yes;
![... same as above ...]
I've set up query logging, but this just tells me queries are
correctly processed. But not why no answer was sent.
--
Thomas
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
