On 6/18/2011 12:08 AM, Thomas Schweikle wrote:
Hi!
I have set up a view for one site. It is bound to change answers as
necessary for different IP-ranges. It works as far as I could see.
But with one ip-range there is a problem ...
I can query internal addresses:
!user@kvm2~# host intweb.example.de
!intweb.example.de has address 192.168.180.46
But external ones do not work:
!user@kvm2:~# host google.com
!user@kvm2:~#
The host I am trying on has address 192.168.112.4 and I've set up my
view as:
!view "ex" {
! match-clients { 192.168.112.0/23; };
! recursion yes;
!
! include "/etc/named/master/rootns.conf";
! include "/etc/named/master/localhost.conf";
! include "/etc/named/master/empty.conf";
!
! zone "example.de." {
! type master;
! allow-transfer { key "mskey"; };
! notify no;
! file "/etc/named/zhz/fwd.example";
! };
! zone "mgm.example.de." {
! type master;
! allow-transfer { key "mskey"; };
! notify no;
! file "/etc/named/zin/fwd.example.mgm";
! };
!
! zone "1.168.192.in-addr.arpa." {
! type master;
! allow-transfer { key "mskey"; };
! notify no;
! file "/etc/named/zin/rev.192.168.1";
! };
! zone "112.168.192.in-addr.arpa." {
! type master;
! allow-transfer { key "mskey"; };
! notify no;
! file "/etc/named/zin/rev.192.168.112";
! };
! zone "113.168.192.in-addr.arpa." {
! type master;
! allow-transfer { key "mskey"; };
! notify no;
! file "/etc/named/zin/rev.192.168.113";
! };
! zone "180.168.192.in-addr.arpa." {
! type master;
! allow-transfer { key "mskey"; };
! notify no;
! file "/etc/named/zin/rev.192.168.180";
! };
! zone "181.168.192.in-addr.arpa." {
! type master;
! allow-transfer { key "mskey"; };
! notify no;
! file "/etc/named/zin/rev.192.168.181";
! };
!
! zone "hz.example.de." {
! type master;
! allow-transfer { key "mskey"; };
! file "/var/lib/named/fwd.example.hz";
! allow-update { key "examplekey"; };
! };
! zone "in.example.de." {
! type master;
! allow-transfer { key "mskey"; };
! file "/var/lib/named/fwd.example.in";
! allow-update { key "examplekey"; };
! };
! zone "no.example.de." {
! type master;
! allow-transfer { key "mskey"; };
! file "/var/lib/named/fwd.example.no";
! allow-update { key "examplekey"; };
! };
!
! zone "1.168.192.in-dyn.arpa." {
! type master;
! allow-transfer { key "mskey"; };
! file "/var/lib/named/rev.192.168.1";
! allow-update { key "examplekey"; };
! };
! zone "112.168.192.in-dyn.arpa." {
! type master;
! allow-transfer { key "mskey"; };
! file "/var/lib/named/rev.192.168.112";
! allow-update { key "examplekey"; };
! };
! zone "113.168.192.in-dyn.arpa." {
! type master;
! allow-transfer { key "mskey"; };
! file "/var/lib/named/rev.192.168.113";
! allow-update { key "examplekey"; };
! };
! zone "180.168.192.in-dyn.arpa." {
! type master;
! allow-transfer { key "mskey"; };
! file "/var/lib/named/rev.192.168.180";
! allow-update { key "examplekey"; };
! };
! zone "181.168.192.in-dyn.arpa." {
! type master;
! allow-transfer { key "mskey"; };
! file "/var/lib/named/rev.192.168.181";
! allow-update { key "examplekey"; };
! };
!};
Any idea why the server resolves internal names, but no external
ones to this view, while it does answer internal and external names
to an other view (same setup, only a different "view"-line)?
!view "no" {
! match-clients { 127.0.0.1/8; 192.168.180.0/23; };
! recursion yes;
![... same as above ...]
I've set up query logging, but this just tells me queries are
correctly processed. But not why no answer was sent.
1. Turn on query logging. See where the query is coming from and what
view is being matched.
2. What's in those "include" files? You're not showing a complete
picture of your config
3. What on earth is "in-dyn.arpa"?
4. What's with all the trailing dots in your zone names? At the very
least, they occupy unnecessary space; at the worst, they might be
confusing named.
- Kevin
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
