views and recursion problem

Kevin Darcy kcd at daimlerchrysler.com
Thu Jul 18 15:23:26 UTC 2002


Eric Wood wrote:

> The question is why isn't my internal lan able to query a domain on my external lan?
>
> I added a new domain called xyz.com to my external view.  I can dig and nslookup everything about xyz.com fine while logged into my external (public ip) servers.
>
> If I'm at an internal client station (which is NATed) I can't see the xyz.com domain *until* my ISP's DNS is updated.  So, it is as if my "internal" view doesn't refer to my "external" view for an answer.  It just goes out to the other nameservers on the internet.
>
> My /etc/resolv.conf has my external DNS as the first nameserver to query, and my ISP's nameservers are farther down.  Even the allow-recursion argument didn't help.
>
> Any ideas?
>
> -eric wood
>
> acl "internal-subnet" { 10.0.0.0/8; 127.0.0.1; };
>
> view "internal" {
>  match-clients { "internal-subnet"; };
>  allow-recursion { "internal-subnet"; };
>  zone "interplas.com" {
>         type master;
>         file "named_internal/interplas.com";
>  };
>  zone "0.0.10.IN-ADDR.ARPA" {
>         type master;
>         file "named_internal/10.0.0";
>  };
>  zone "." {
>         type hint;
>         file "named.ca";
>  };
>  zone "0.0.127.IN-ADDR.ARPA" {
>         type master;
>         file "named.local";
>  };
> };
>
> view "external" {
>  match-clients { any; };
> zone "182.83.66.IN-ADDR.ARPA" {
>         type master;
>         file "66.83.182";
> };
> zone "." {
>         type hint;
>         file "named.ca";
> };
> zone "0.0.127.in-addr.arpa" {
>         type master;
>         file "named.local";
> };
> zone "xyz.com" {
>         type master;
>         file "xyz.com";
> };
> };

Well, your internal view basically says "resolve interplas.com, 0.0.10.in-addr.arpa and 0.0.127.in-addr.arpa locally, everything else goes out to the Internet", your external view basically says "resolve 0.0.127.in-addr.arpa and xyz.com locally, everything else goes out to the Internet", so it would seem it is working as designed.

Why don't you define xyz.com in the internal view? You could point it to the same zonefile.

- Kevin
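
The behaviour described in the reply, as an added example that is not part of the original thread: a small Python model of first-match view selection and per-view zone lookup, using the views and zones from the posted configuration. The client addresses are constructed, `any` is modelled as `0.0.0.0/0`, and the function names are hypothetical.

```python
import ipaddress

# Views from the posted named.conf, in file order: (name, match-clients, master zones).
# Zone names are lower-cased here because DNS names compare case-insensitively.
VIEWS = [
    ("internal", ["10.0.0.0/8", "127.0.0.1/32"],
     ["interplas.com", "0.0.10.in-addr.arpa", "0.0.127.in-addr.arpa"]),
    ("external", ["0.0.0.0/0"],  # assumption: "any" modelled as all IPv4
     ["182.83.66.in-addr.arpa", "0.0.127.in-addr.arpa", "xyz.com"]),
]

def select_view(client_ip, views=VIEWS):
    """Return the first view whose match-clients list contains client_ip."""
    addr = ipaddress.ip_address(client_ip)
    for view in views:
        if any(addr in ipaddress.ip_network(net) for net in view[1]):
            return view
    return None

def authoritative_zone(qname, zones):
    """Longest configured zone that encloses qname, or None."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def resolve_path(client_ip, qname, views=VIEWS):
    """Return (view name, 'local:<zone>' or 'recursion') for one query."""
    view = select_view(client_ip, views)
    if view is None:
        return (None, "refused")
    zone = authoritative_zone(qname, view[2])
    return (view[0], f"local:{zone}" if zone else "recursion")

def missing_from(view_name, other_name, views=VIEWS):
    """Zones mastered in other_name but absent from view_name."""
    by_name = {v[0]: set(v[2]) for v in views}
    return sorted(by_name[other_name] - by_name[view_name])

if __name__ == "__main__":
    print(resolve_path("10.1.2.3", "www.xyz.com"))      # constructed internal client
    print(resolve_path("198.51.100.7", "www.xyz.com"))  # constructed outside client
    print(missing_from("internal", "external"))
```

A view never consults another view's zones, so a NATed 10.x client lands in "internal" and its xyz.com query is recursed to the Internet until the zone is also defined there.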



