Alain Fontaine <[email protected]> wrote:
> view "interne" {
> match-clients { clients-internes; };
> allow-query { clients-internes; };
> zone testzone.net {
> type slave;
> file "slave.int/net.testzone";
> masters { address_of_master; };
> };
> };
>
> view "externe" {
> match-clients { any; };
> zone testzone.net { in-view "interne"; };
> };
>
> There is no error message when reloading, but querying the zone from an
> "outside" address gives "REFUSED", as if the zone did not exist in the
> "externe" view.
Does it work if you set allow-query { any; }; in the testzone.net clause
in the interne view?
My guess is that the zone is inheriting the allow-query acl from its
parent view, and keeping that acl when it is shared by the externe view.
Tony.
--
f.anthony.n.finch <[email protected]> http://dotat.at/
Trafalgar: Cyclonic, mainly northerly, 6 to gale 8, occasionally severe gale 9
at first, becoming variable 4 for a time. Rough or very rough, occasionally
high at first, becoming moderate or rough. Rain at times. Moderate or good,
occasionally poor.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users