BIND9.3 zonename Problem

Pete Ehlke pde at
Sun Oct 31 13:25:35 UTC 2004

On Sun Oct 31, 2004 at 13:19:17 +0100, jesk wrote:
>i just configured a classles Reverse Delegation from BIND8 to BIND9.3.
>the zonename on the BIND9.3 ( system is
>i configured the zone as follows:
>zone "" {
>        type master;
>        file "master/";
>        allow-query { any; };
>the zone itself looks like this:
>$TTL                            18000
>@  IN SOA (
>                                2004103009  ; Serial number
>                                3H                 ; Refresh every 3 hours
>                                15M              ; Retry after 15 Minutes
>                                1W                ; Expire after 1 week
>                                4H )               ; Minimum 4 hourse
>        IN      NS
>        IN      NS
>225     IN      PTR
>226     IN      PTR
>227     IN      PTR
>now i recognized that resolving a ip of the subnet directly from
> wont work:
>"Host not found: 5(REFUSED)"
>On BIND9.3 says:
>"named[53719]: client x.x.x.x#58160: query (cache) '
>' denied"
>It seems that doesnt feel authoritativ for the zone,
>cause when setting allow-query { any; }; globally then resolving from
>a other bind9.3 resolver will work but from a bind8 resolver it wont...
>Am i totally stupid or whats going on there?
You told your server to be authoritative for, and told it to allow queries for that
zone. Then you query it for a record in, for
which you have not told it to be authoritative, and for which it has not
been told to allow queries. Therefore, your server refused your query.

Clinets on the internet that want to resolve will ask your upstream's servers,
which will pass them a CNAME that points to, for which your server will provide
an answer.

Also, please don't obscure your DNS data. It's silly, gets you no
privacy (the DNS is inherently public), often masks the real problem,
and hinders people who want to help you. And it leads to nearly
unreadable answers like the one I had to produce above...


More information about the bind-users mailing list