Problems with ACLs in BIND 8.2.3? What am I doing wrong?

Eivind Olsen eivind.olsen at ttyl.com
Wed May 23 19:28:44 UTC 2001


Hello.

I recently started re-configuring a DNS-server (well, more than one 
really). The setup is one backend DNS-server (the real master) feeding a 
few frontend DNS-servers. There are a few places in the named.conf file 
where I need to refer to the frontend-servers so I thought ACLs were the 
way to go, but I can't get it to work. It is probably me doing something 
wrong, but I can't see what it is. Hopefully someone else can. ;)

The problem is somewhere on the backend-server which is currently running 
BIND 8.2.3-REL (yes, there are plans to upgrade it - some time in the 
future).

When I start the DNS, this is what I get in the log:

May 23 14:54:59 dns01 named[23570]: [ID 295310 daemon.notice] starting (/var/dns/PSNLbind8/external/external.conf).  named 8.2.3-REL Thu Feb  1 21:05:18 MET 2001
May 23 14:54:59 dns01 paulz at seldoff:/home/paulz/src/sol26/bind-8.2.3/src/bin/named
May 23 14:54:59 dns01 named[23570]: [ID 295310 daemon.error] /var/dns/PSNLbind8/external/external.conf:50: syntax error near "externaldns"
May 23 14:54:59 dns01 named[23570]: [ID 295310 daemon.error] /var/dns/PSNLbind8/external/external.conf:51: syntax error near '}'
May 23 14:54:59 dns01 named[23570]: [ID 295310 daemon.error] /var/dns/PSNLbind8/external/external.conf:59: syntax error near "externaldns"
May 23 14:54:59 dns01 named[23570]: [ID 295310 daemon.error] /var/dns/PSNLbind8/external/external.conf:60: syntax error near '}'
May 23 14:54:59 dns01 named[23571]: [ID 295310 daemon.notice] Ready to answer queries.

Here is a copy of the named.conf file (or, external.conf in this case):

-START-
// This is a configuration file for named (from BIND 8.1 or later).
// It would normally be installed as /etc/named.conf.

acl "internaldns" {
	10.1.1.10; 10.1.1.11;
};

acl "externaldns" {
	10.1.2.10; 10.1.2.11;
};

options {
	directory "/var/dns/PSNLbind8/external";
	dump-file "external_dump.db";
	pid-file "external_named.pid";
	check-names master warn;		/* default. */
	datasize 20M;
	recursion no;
	fetch-glue no;
	listen-on { 10.1.2.1; };
	version "secret";
};

controls {
        unix "/var/run/PSNLbind8/ndc.d/external.ndc" perm 0770 owner 210 group 40 ;
};

zone "localhost" IN {
	type master;
	file "localhost.zone";
	check-names fail;
	allow-update { none; };
	allow-transfer { none; };
};

zone "0.0.127.in-addr.arpa" IN {
	type master;
	file "127.0.0.zone";
	check-names fail;
	allow-update { none; };
	allow-transfer { none; };
};

zone "example.com" IN {
	type master;
	file "example.external.zone";
	check-names fail;
	allow-update { none; };
	allow-transfer { "externaldns" };
	also-notify { "externaldns" };
};

zone "232.70.10.in-addr.arpa" in {
	type master;
	file "217.70.10.zone";
	check-names fail;
	allow-update { none; };
	allow-transfer { "externaldns" };
	also-notify { "externaldns" };
};
-STOP-


--
Talk To You Later
Eivind Olsen
