forwarding question

Kevin Darcy kcd at daimlerchrysler.com
Tue Jan 23 02:07:50 UTC 2001


allow-update isn't available as a global option, only as a per-zone option.
Whenever named saw the illegal construct, it probably aborted parsing of
the entire options clause -- if allow-update was at the end of the clause,
it didn't make any difference, but if the forwarding statements followed
it, then they were getting effectively skipped. If you insist on adding
"allow-update { none; };", you must do so for every zone.

Personally, I'm from the minimalist school of configuration -- I don't
define anything unless I have to. I think this is a golden example of why
defining unnecessary things "just to be sure" often causes more harm than
good (although the more common situation is that the config gets so
cluttered with unnecessary stuff that it confuses administrators into
making mistakes).


- Kevin

Pete O'Hara wrote:

> Hi,
> I am running bind-8.2.2p7 and am having a forwarding problem. It seems
> that the queries don't get passed on to the forwarders unless the
> forwarders directives are listed BEFORE the "allow-updates" directive. I
> realize that in bind 8 "allow-updates" is none by default but I put it
> in anyway just to assure that it is set to none. (See the following
> named.conf options section).  Does anyone know why I might need to put
> the forwarders entries before the allow-update? Is this a bug? It's a
> problem because we are writing scripts to modify named.conf and it would
> be less complicated to not have to worry about the physical position
> of the forwarding directives.
>
> options {
>         directory "/var/named";
>         dump-file "/var/tmp/named_dump.db";             // _PATH_DUMPFILE
>         pid-file "/var/run/named.pid";                  // _PATH_PIDFILE
>
>         statistics-file "/var/tmp/named.stats";         // _PATH_STATS
>         memstatistics-file "/var/tmp/named.memstats";   // _PATH_MEMSTATS
>
>         check-names master warn;
>         check-names slave warn;
>         check-names response warn;
>         notify yes;
>         datasize 20M;
>         allow-transfer {
>                 none;
>                 };
>         allow-query {
>                 any;
>                 };
>          forwarders {
>             192.168.1.1;
>                 };
>         forward only;
>         allow-update { none; };
>
> };
>
> Thanks much,
> Pete
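
An added example, not part of the original thread: since the question mentions scripts that rewrite named.conf, this sketch shows a pre-flight check such a script could run to catch a zone-only statement placed in the options clause and list the statements after it that, per the reply, may be skipped. The function names, the ZONE_ONLY set and the sample config are assumptions made for illustration.

```python
import re

# Per the reply above: valid only inside a zone clause on this BIND 8 server.
ZONE_ONLY = {"allow-update"}
# Quoted strings match first, so "#" or "//" inside a path is not read as a comment.
TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*|[{};]|[^\s{};"]+', re.S)

def clause_statements(conf):
    """Return [(kind, name, [statement keywords])] for each top-level clause."""
    clauses, depth, head, names, at_start = [], 0, [], [], False
    for tok in TOKEN.findall(conf):
        if tok.startswith(("//", "#", "/*")):
            continue                      # comment token
        if tok == "{":
            depth += 1
            at_start = depth == 1         # first statement of the clause body
        elif tok == "}":
            depth -= 1
        elif tok == ";":
            if depth == 0 and head:       # end of a top-level clause
                clauses.append((head[0], head[1] if len(head) > 1 else "", names))
                head, names = [], []
            at_start = depth == 1         # next token starts a new statement
        elif depth == 0:
            head.append(tok.strip('"'))
        elif depth == 1 and at_start:
            names.append(tok)
            at_start = False
    return clauses

def audit(conf):
    """Return (misplaced, at_risk): zone-only statements found in options, and
    the options statements that follow the first one."""
    for kind, _name, stmts in clause_statements(conf):
        if kind == "options":
            hits = [i for i, s in enumerate(stmts) if s in ZONE_ONLY]
            if hits:
                return [stmts[i] for i in hits], stmts[hits[0] + 1:]
    return [], []

# Constructed sample: the ordering the question describes as failing.
SAMPLE = '''options {
    directory "/var/named";  // constructed
    allow-update { none; };
    forwarders { 192.168.1.1; };
    forward only;
};
zone "example.com" { type master; file "db.example.com"; allow-update { none; }; };
'''
```
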





