BIND9.3 zonename Problem

Mark Andrews Mark_Andrews at
Sun Oct 31 22:56:51 UTC 2004

> On BIND9.3 says:
> ---
> "named[53719]: client x.x.x.x#58160: query (cache) '
>' denied"
> ---

	Since everyone seems to be missing the real error.

	This has nothing to do with the allow-query in the zone. is NOT in the zone.

	Host makes a query for not for
	227.224-  This would normally
	work as it would be asking its own recursive servers.
	By specifying the server to query you asked it to become
	the recursive server which of course failed as your server
	was not setup to do this.

	The allow-query acl in options doesn't allow this client to
	query the cache.

	You can fix this one of two ways:
	*  Open up the allow-query in options to allow this client to
	   access the cache.  
	*  Become a slave for the parent zone and allow this client to
	   access the parent zone.  This also provides fault tolerance
	   for your local clients when the external network is down as
	   it allows the mappings (CNAMES) from the well known names to
	   the names in your zone to found without having to make a
	   external query.

	zone "" {
		type slave;
		file "slave/";
		masters {;; };
		allow-query { any; };

	zone "" {
		type master;
		file "master/";
		allow-query { any; };
		allow-transfer { "slave-aard"; };


Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at

More information about the bind-users mailing list