Resolving locally hosted zones to trusted clients

Barry Margolin barmar at
Fri Oct 29 00:44:20 UTC 2004

In article <clrj12$1jkj$1 at>, Matt Goli <mattgoli at> 

> Greetings all:
> I've set up a public BIND 9.2.2 server to host a number of zones for our 
> company's domains based on Rob Thomas's "Secure BIND Template".
> I have one view (external-in) set up to allow any device to query the 
> public domains from this BIND server and am not allowing recursive 
> lookups from public IPs.  I have a second view (internal-in) set up that 
> performs recursive lookups for an ACL of "trusted" IP addresses, and 
> that is working as expected.  My problem comes in when trusted IP 
> addresses attempt to query a zone out of my "external-in" view.  I 
> simply get a "connection timed out; no servers could be reached" when I 
> dig from the trusted IP addresses.
> So in summary, I can do the following from a trusted IP address:
> 	dig @
> But cannot do:
> 	dig @
> But from an untrusted IP I can do:
> 	dig @
> Below is my named.conf file for reference.  Any feedback is greatly 
> appreciated.

You need to include the public zones in the internal view, since 
internal clients can only see the zones that are listed in that view.

Barry Margolin, barmar at
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
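
A named.conf layout that follows the advice in the reply above, as an added example that is not part of the original thread and is not the poster's configuration. The view names and the "trusted" ACL name come from the post; the addresses, the zone name `example.com`, and all file paths are placeholders assumed for illustration.

```conf
// Constructed example: addresses, zone name and file paths are placeholders.
acl "trusted" {
    192.0.2.0/24;          // placeholder for the trusted client networks
    localhost;
};

options {
    directory "/var/named";   // assumed working directory
};

// Views are tried in the order they appear, and a client is served by the
// first view whose match-clients matches. Trusted clients therefore never
// reach "external-in", so anything they must resolve locally has to be
// declared inside "internal-in" as well.
view "internal-in" in {
    match-clients { "trusted"; };
    recursion yes;

    zone "." in {
        type hint;
        file "named.ca";      // placeholder root hints file
    };

    // Public zone repeated here so trusted clients get the local
    // authoritative answer from this view.
    zone "example.com" in {
        type master;
        file "master/example.com.db";
    };
};

// Everyone else: authoritative answers only, no recursion.
view "external-in" in {
    match-clients { any; };
    recursion no;

    zone "example.com" in {
        type master;
        file "master/example.com.db";   // same static file as the internal view
    };
};
```

Pointing both views at one file suits statically maintained master zones; a zone that accepts dynamic updates should have a separate file per view. Running `named-checkconf` on the edited file before reloading catches syntax errors in the duplicated zone statements.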
