Problem with BIND 9 and OpenBSD 3.4

Kevin Darcy kcd at daimlerchrysler.com
Tue Dec 9 22:43:41 UTC 2003


G.T. wrote:

><Mark_Andrews at isc.org> wrote in message news:br2ut5$1h9m$1 at sf1.isc.org...
>
>>>I figured I'd finally get around to upgrading OpenBSD to 3.4 from 3.2 and
>>>left BIND for last since I figured it would be trivial to get going. I'd
>>>never had any problems with BIND 4 or 8 in the past but I sure am having
>>>trouble now.   Queries from my internal network (listed in the acl clients)
>>>work fine.   Here's my named.conf with only the rndc.key changed (let me
>>>know if you'd like to see my zone files, too):
>>>
>>>acl clients {
>>>         192.168/16;
>>>         localhost;
>>>         ::1;
>>>};
>>>
>>>view "authoritative" {
>>>         match-clients { !clients; };
>>>
>>This is "deny clients;" (explicit) "deny everyone;" (implicit).
>>
>>You want
>>
>>match-clients { !clients; any; };
>>
>>or given that the internal view is before this view and will
>>collect all the clients you can remove the !clients.
>>
>>match-clients { any; };
>>
>
>Thanks for looking.
>
>Originally I had { any; }; there.  So I switched back in case there were
>other things wrong in previous versions of my named.conf.  But I'm still
>seeing the same problems.  If I use www.dnsreport.com for troubleshooting
>the parent server stuff comes out fine but when it gets to my ns section it
>says:  "None of your nameservers returned your NS records; they could be
>down or unreachable, or could all be lame nameservers".  And I see the following
>in my logs after turning on querylog:
>
>Dec  8 20:50:35 grits named[19328]: client 69.2.200.182#1642: query: 2fortheroad.net IN NS
>Dec  8 20:50:35 grits named[19328]: client 69.2.200.182#1643: query: version.bind CH TXT
>Dec  8 20:50:35 grits named[19328]: client 69.2.200.182#1644: query: 2fortheroad.net IN SOA
>Dec  8 20:50:35 grits named[19328]: client 69.2.200.182#1645: query: 2fortheroad.net IN MX
>Dec  8 20:50:35 grits named[19328]: client 69.2.200.182#1646: query: www.2fortheroad.net IN A
>Dec  8 20:50:35 grits named[19328]: client 69.2.200.182#1647: query: 2fortheroad.net IN CNAME
>Dec  8 20:50:35 grits named[19328]: client 69.2.200.182#1648: query: ns1.2fortheroad.net IN CNAME
>
>Again, I've turned off pf and still no go.  I had changed my host record
>with network solutions last week but per dnsreport.com they are seeing the
>new ip, 67.127.23.18.
>
>Any other ideas?  My zones check out with named-checkzone and my internal
>zone works fine.
>
67.127.23.18 appears to be giving SERVFAIL responses to any question 
related to the 2fortheroad.net zone. You say this is the *new* IP??? 
It's what the .net TLD servers are giving as the glue record. The 
granitecanyon.com nameserver doesn't seem to know anything about your 
zone...

                                                                         
                                    - Kevin
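
The match-clients behaviour described in the quoted reply ("deny clients" explicit, "deny everyone" implicit), as an added example that is not part of the original thread and is not BIND's own code. It is a simplified first-match model; the view name "internal", its `{ clients; }` match list, the loopback-only `localhost` ACL and the address 192.168.1.10 are assumptions.

```python
import ipaddress

# Simplified model of BIND address-match-list evaluation (added example).
# Elements are tried in order; the first one that matches decides the result,
# "!" turns that match into a rejection, and a list that runs out of elements
# without a match rejects the client (the implicit "deny everyone").
ACLS = {
    "any": ["0.0.0.0/0", "::/0"],
    "localhost": ["127.0.0.1", "::1"],   # assumption: loopback only
    "clients": ["192.168.0.0/16", "localhost", "::1"],  # acl from the post
}

def matches(addr, elements):
    """Return True on a positive match, False on a negated match or no match."""
    ip = ipaddress.ip_address(addr)
    for elem in elements:
        negated = elem.startswith("!")
        name = elem.lstrip("!")
        if name in ACLS:
            hit = matches(addr, ACLS[name])      # named ACL, evaluated recursively
        else:
            hit = ip in ipaddress.ip_network(name)
        if hit:
            return not negated                   # first match wins
    return False                                 # nothing matched: implicit deny

def select_view(addr, views):
    """named tries views in order and uses the first whose match-clients matches."""
    for view_name, match_clients in views:
        if matches(addr, match_clients):
            return view_name
    return None                                  # no view accepts this client

# "internal" is a hypothetical name for the earlier view mentioned in the thread.
INTERNAL = ("internal", ["clients"])
AS_POSTED = [INTERNAL, ("authoritative", ["!clients"])]
WITH_ANY = [INTERNAL, ("authoritative", ["!clients", "any"])]
ONLY_ANY = [INTERNAL, ("authoritative", ["any"])]

if __name__ == "__main__":
    # 69.2.200.182 is the external client from the query log; 192.168.1.10 is constructed.
    for addr in ("192.168.1.10", "69.2.200.182"):
        for label, views in (("as posted", AS_POSTED), ("!clients; any;", WITH_ANY),
                             ("any;", ONLY_ANY)):
            print(f"{addr:15} {label:15} -> {select_view(addr, views)}")
```
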



