my secondary ns won't answer external queries

Chip Mefford cpm at well.com
Wed Oct 13 19:11:53 UTC 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The server is running BIND 9.3.0.
Due to my cluelessness, it has to
be a master in some places where it should be a slave, as
my DMZ isn't really settled down yet.

That said,

It works fine for internal clients, but
refuses queries externally.

It is ns2.avwashington.com
at 199.227.4.38. Here is the
named.conf (truncated for space, hence
the "and so on" comments).

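One can connect to port 53 with telnet, so it
isn't a firewall issue (I think); perhaps
it is something else. (Telnet only exercises TCP,
though; ordinary queries go over UDP port 53, which
this test does not cover.)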

If anyone spots anything obvious, please let me know.

Thanks kindly

- --chipper


//src /etc/named.conf ver 3.0 20031205
//generated out of cmefford at avwashington.com leaking brain


// Address list referenced by allow-transfer in the options block, i.e. the
// hosts permitted to request zone transfers (AXFR/IXFR).
// NOTE(review): 199.227.4.32/27 spans 199.227.4.32-199.227.4.63, so every
// host in that block may pull full zone contents. If the real secondaries
// are known, listing them individually (or requiring TSIG keys) limits
// zone-data disclosure.
acl secondaries {
~        127.0.0.1/32;
~        199.227.4.32/27;
};

// Clients that are steered into view "internal" (recursion enabled) through
// that view's match-clients statement: loopback, the 192.168.0.0/24 LAN and
// the public 199.227.4.32/27 block.
// NOTE(review): this ACL is named with a hyphen (internal-clients); the
// match-clients line of view "external" spells it with an underscore.
acl internal-clients {
~        127.0.0.1/32;
~        192.168.0.0/24;
~        199.227.4.32/27;
};

// Single-address list used by the blackhole statement in options; queries
// from a blackholed address are not answered and the address is not used
// for resolution. 224.254.254.254 lies in multicast space (224.0.0.0/4).
acl "bogus" { 224.254.254.254; };


// Logging setup: two channels, then the categories routed to them.
// Diagnostic hint: a rejected query is normally reported under the
// "security" category, which has no entry here and so follows "default"
// (syslog) - presumably the place to look for "query denied" lines from
// external clients; confirm against the running server.
logging {
~        // Channel 1: syslog, daemon facility, messages at info and above.
~        channel named_syslog {
~        syslog daemon;
~        severity info;
~        };
~        // Channel 2: plain file /var/log/named, accepting down to debug.
~        channel bind_stuff {
~        file "/var/log/named";
~        severity debug;
~        };

~        // Anything without an explicit category line goes to syslog.
~        category default { named_syslog; };
~        category statistics { named_syslog; bind_stuff; };
~        // Per-query log lines go to the file only; if an external query
~        // never appears there, it likely never reached named at all.
~        category queries { bind_stuff; };
};

// Global options. No allow-query or listen-on statement appears in this
// (truncated) excerpt, so BIND's defaults would apply to both.
// NOTE(review): confirm named is listening on the external interface.
options {
~        directory "/var/named";
~        /*
~         * If there is a firewall between you and nameservers you want
~         * to talk to, you might need to uncomment the query-source
~         * directive below.  Previous versions of BIND always asked
~         * questions using port 53, but BIND 8.1 uses an unprivileged
~         * port by default.
~         */
~        // Left disabled: pinning the source port to 53 removes source-port
~        // variation from outgoing queries, which makes spoofed answers
~        // easier to land. It only affects outbound queries, not inbound.
~        // query-source address * port 53;
~        // Ignore the addresses listed in acl "bogus".
~        blackhole { "bogus"; };
~        // Zone transfers are limited to acl "secondaries".
~        allow-transfer { secondaries; };

~        pid-file "/var/run/named/named.pid";
};


// View served to clients matching acl internal-clients. It is declared
// first, and views are tried in the order they appear, so these clients
// never fall through to view "external". Recursion is enabled here only.
view "internal" {
~        match-clients { internal-clients; };
~        recursion yes;

~        // Reverse zone for 192.168.0.0/24, slaved from 199.227.4.60.
~        zone "0.168.192.in-addr.arpa" IN {
~                type slave;
~                file "internal/slave/db.192.168.0";
~                masters {
~                199.227.4.60; };
~        };

~        // Internal copy of the forward zone; dynamic updates disabled.
~        zone "avwashington.com" IN {
~                type master;
~                file "internal/master/internal.avwashington.com";
~                allow-update { none; };
~        };

~        // NOTE(review): this loads the same file as the zone of the same
~        // name in view "external" (external/master/...). Both are static
~        // masters with updates disabled, so sharing the file looks
~        // intentional - confirm.
~        zone "4.227.199.in-addr.arpa" IN {
~                type master;
~                file "external/master/4.227.199.in-addr.arpa";
~                allow-update { none; };
~        };

//And so on,
};


// View intended for everyone who did not match view "internal":
// authoritative answers only, recursion disabled.
view "external" {
~        // NOTE(review): the ACL declared earlier in this file is
~        // "internal-clients" (hyphen); "internal_clients" (underscore) is
~        // not defined anywhere in this excerpt. If the live file has the
~        // same spelling, named-checkconf should report an undefined ACL.
~        // Internal clients are already captured by the earlier view, so
~        // the negation adds nothing beyond "any".
~        match-clients { !internal_clients; any; };
~        // Keeps outside clients from using this server as a resolver.
~        recursion no;

~        // Root hints.
~        zone "." IN {
~                type hint;
~                file "named.ca";
~        };

~        zone "localhost" IN {
~                type master;
~                file "localhost.zone";
~                allow-update { none; };
~        };

~        zone "0.0.127.in-addr.arpa" IN {
~                type master;
~                file "named.local";
~                allow-update { none; };
~        };

~        // Public copy of the forward zone; dynamic updates disabled.
~        zone "avwashington.com" IN {
~                type master;
~                file "external/master/avwashington.com";
~                allow-update { none; };
~        };

~        // Reverse zone for 199.227.4.0/24; the same file is also loaded by
~        // the zone of this name in view "internal".
~        zone "4.227.199.in-addr.arpa" IN {
~                type master;
~                file "external/master/4.227.199.in-addr.arpa";
~                allow-update { none; };
~        };
//and so on
};

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFBbX3ja44x14FCa6ARAipqAKCPTWA1pAORo0oo7T2tR6s6WpCx2gCdHHlK
Ejg6q3KiIi8O8nHNqdWxjyM=
=O1IK
-----END PGP SIGNATURE-----

