multiple internal views
Stéphane
plop at plop.plop
Fri Jan 28 14:53:12 UTC 2005
Hi,
These are my first steps with bind ... and I have some problems...
Thanks for helping me :-)
Even if it seems strange, I have a gateway with 5 networks and they
can't talk to each other
1) internet
2) stephane's computer (192.168.1.0)
3) patrick's computer (192.168.2.0)
4) marine (192.168.3.0)
5) and invite (192.168.123.0)
#########################################################################################################
$ uname -a
FreeBSD delta.thubert.net 5.3-RELEASE-p1 FreeBSD 5.3-RELEASE-p1 #1: Tue Nov
30 21:31:21 CET 2004
#########################################################################################################
$ cat /etc/rc.conf | grep named
# DNS server
named_enable="YES"
named_program="/usr/sbin/named"
named_flags="-u bind"
named_pidfile="/var/run/named/pid"
named_chrootdir="/var/named"
named_chroot_autoupdate="YES"
named_symlink_enable="YES"
#########################################################################################################
$ find /var/named/
/var/named/
/var/named/dev
/var/named/dev/null
/var/named/dev/random
/var/named/dev/bpf1
/var/named/dev/bpf2
/var/named/dev/bpf3
/var/named/dev/ptyp0
/var/named/dev/ttyp0
/var/named/etc
/var/named/etc/namedb
/var/named/etc/namedb/master
/var/named/etc/namedb/master/named.root
/var/named/etc/namedb/master/1.168.192.in-addr.arpa.zone
/var/named/etc/namedb/master/123.168.192.in-addr.arpa.zone
/var/named/etc/namedb/master/2.168.192.in-addr.arpa.zone
/var/named/etc/namedb/master/3.168.192.in-addr.arpa.zone
/var/named/etc/namedb/master/pc-invite.thubert.net.zone
/var/named/etc/namedb/master/pc-marine.thubert.net.zone
/var/named/etc/namedb/master/pc-patrick.thubert.net.zone
/var/named/etc/namedb/master/pc-stephane.thubert.net.zone
/var/named/etc/namedb/master/thubert.net.zone.ext
/var/named/etc/namedb/master/sur-le-web.com.zone
/var/named/etc/namedb/master/local.in-addr.arpa.zone
/var/named/etc/namedb/named.conf
/var/named/etc/namedb/rndc.key
/var/named/etc/namedb/slave
/var/named/etc/localtime
/var/named/var
/var/named/var/dump
/var/named/var/log
/var/named/var/run
/var/named/var/run/named
/var/named/var/run/named/pid
/var/named/var/run/log
/var/named/var/run/named.pid
/var/named/var/stats
#########################################################################################################
$ tail -n 54 /var/log/messages
Jan 28 11:34:48 delta root: /etc/rc: WARNING: named chroot: /etc/namedb is a
directory!
Jan 28 11:34:48 delta named[303]: starting BIND 9.3.0 -u bind -t /var/named
Jan 28 11:34:49 delta named[303]: command channel listening on 127.0.0.1#953
Jan 28 11:34:49 delta named[303]: command channel listening on ::1#953
Jan 28 11:34:49 delta named[303]: master/pc-stephane.thubert.net.zone:3:
ignoring out-of-zone data (thubert.net)
Jan 28 11:34:49 delta named[303]: master/pc-stephane.thubert.net.zone:15:
ignoring out-of-zone data (pc-patrick.thubert.net)
Jan 28 11:34:49 delta named[303]: master/pc-stephane.thubert.net.zone:16:
ignoring out-of-zone data (pc-marine.thubert.net)
Jan 28 11:34:49 delta named[303]: master/pc-stephane.thubert.net.zone:17:
ignoring out-of-zone data (pc-invite.thubert.net)
Jan 28 11:34:49 delta named[303]: master/pc-stephane.thubert.net.zone:18:
ignoring out-of-zone data (*.thubert.net)
Jan 28 11:34:49 delta named[303]: zone
pc-stephane.thubert.net/IN/intranet_view_pc-stephane: could not find NS
and/or SOA records
Jan 28 11:34:49 delta named[303]: zone
pc-stephane.thubert.net/IN/intranet_view_pc-stephane: has 0 SOA records
Jan 28 11:34:49 delta named[303]: zone
pc-stephane.thubert.net/IN/intranet_view_pc-stephane: has no NS records
Jan 28 11:34:49 delta named[303]: master/pc-patrick.thubert.net.zone:3:
ignoring out-of-zone data (thubert.net)
Jan 28 11:34:49 delta named[303]: master/pc-patrick.thubert.net.zone:14:
ignoring out-of-zone data (pc-stephane.thubert.net)
Jan 28 11:34:49 delta named[303]: master/pc-patrick.thubert.net.zone:16:
ignoring out-of-zone data (pc-marine.thubert.net)
Jan 28 11:34:49 delta named[303]: master/pc-patrick.thubert.net.zone:17:
ignoring out-of-zone data (pc-invite.thubert.net)
Jan 28 11:34:49 delta named[303]: master/pc-patrick.thubert.net.zone:18:
ignoring out-of-zone data (*.thubert.net)
Jan 28 11:34:49 delta named[303]: zone
pc-patrick.thubert.net/IN/intranet_view_pc-patrick: could not find NS and/or
SOA records
Jan 28 11:34:49 delta named[303]: zone
pc-patrick.thubert.net/IN/intranet_view_pc-patrick: has 0 SOA records
Jan 28 11:34:49 delta named[303]: zone
pc-patrick.thubert.net/IN/intranet_view_pc-patrick: has no NS records
Jan 28 11:34:50 delta named[303]: master/pc-marine.thubert.net.zone:3:
ignoring out-of-zone data (thubert.net)
Jan 28 11:34:50 delta named[303]: master/pc-marine.thubert.net.zone:14:
ignoring out-of-zone data (pc-stephane.thubert.net)
Jan 28 11:34:50 delta named[303]: master/pc-marine.thubert.net.zone:15:
ignoring out-of-zone data (pc-patrick.thubert.net)
Jan 28 11:34:50 delta named[303]: master/pc-marine.thubert.net.zone:17:
ignoring out-of-zone data (pc-invite.thubert.net)
Jan 28 11:34:50 delta named[303]: master/pc-marine.thubert.net.zone:18:
ignoring out-of-zone data (*.thubert.net)
Jan 28 11:34:50 delta named[303]: zone
pc-marine.thubert.net/IN/intranet_view_pc-marine: could not find NS and/or
SOA records
Jan 28 11:34:50 delta named[303]: zone
pc-marine.thubert.net/IN/intranet_view_pc-marine: has 0 SOA records
Jan 28 11:34:50 delta named[303]: zone
pc-marine.thubert.net/IN/intranet_view_pc-marine: has no NS records
Jan 28 11:34:50 delta named[303]: master/pc-invite.thubert.net.zone:3:
ignoring out-of-zone data (thubert.net)
Jan 28 11:34:50 delta named[303]: master/pc-invite.thubert.net.zone:14:
ignoring out-of-zone data (pc-stephane.thubert.net)
Jan 28 11:34:50 delta named[303]: master/pc-invite.thubert.net.zone:15:
ignoring out-of-zone data (pc-patrick.thubert.net)
Jan 28 11:34:50 delta named[303]: master/pc-invite.thubert.net.zone:16:
ignoring out-of-zone data (pc-marine.thubert.net)
Jan 28 11:34:50 delta named[303]: master/pc-invite.thubert.net.zone:18:
ignoring out-of-zone data (*.thubert.net)
Jan 28 11:34:50 delta named[303]: zone
pc-invite.thubert.net/IN/intranet_view_pc-invite: could not find NS and/or
SOA records
Jan 28 11:34:50 delta named[303]: zone
pc-invite.thubert.net/IN/intranet_view_pc-invite: has 0 SOA records
Jan 28 11:34:50 delta named[303]: zone
pc-invite.thubert.net/IN/intranet_view_pc-invite: has no NS records
Jan 28 11:34:50 delta ntpd[404]: ntpd 4.2.0-a Tue Nov 30 19:19:25 CET 2004
(1)
Jan 28 11:34:56 delta dhcpd:
Jan 28 11:34:56 delta dhcpd: No subnet declaration for rl0 (81.56.177.232).
Jan 28 11:34:56 delta dhcpd: ** Ignoring requests on rl0. If this is not
what
Jan 28 11:34:56 delta dhcpd: you want, please write a subnet declaration
Jan 28 11:34:56 delta dhcpd: in your dhcpd.conf file for the network
segment
Jan 28 11:34:56 delta dhcpd: to which interface rl0 is attached. **
Jan 28 11:34:56 delta dhcpd:
Jan 28 11:34:56 delta proftpd[498]: delta - ProFTPD 1.2.9 (stable) (built
Fri Dec 5 19:04:27 GMT 2003) standalone mode STARTUP
Jan 28 11:34:57 delta dhcpd: if pc-stephane.thubert.net IN A rrset doesn't
exist add pc-stephane.thubert.net 300 IN A 192.168.1.11: timed out.
Jan 28 11:39:58 delta dhcpd: if pc-stephane.thubert.net IN A rrset doesn't
exist add pc-stephane.thubert.net 300 IN A 192.168.1.11: timed out.
Jan 28 11:41:21 delta su: stephane to root on /dev/ttyp0
Jan 28 11:42:06 delta dhcpd: if pc-marine.thubert.net IN A rrset doesn't
exist add pc-marine.thubert.net 300 IN A 192.168.3.33: timed out.
Jan 28 11:43:25 delta ntpd[404]: time reset +0.361839 s
Jan 28 11:43:25 delta ntpd[404]: kernel time sync disabled 2041
Jan 28 11:44:59 delta dhcpd: if pc-stephane.thubert.net IN A rrset doesn't
exist add pc-stephane.thubert.net 300 IN A 192.168.1.11: timed out.
Jan 28 11:49:59 delta dhcpd: if pc-stephane.thubert.net IN A rrset doesn't
exist add pc-stephane.thubert.net 300 IN A 192.168.1.11: timed out.
Jan 28 11:50:46 delta dhcpd: if pc-marine.thubert.net IN A rrset doesn't
exist add pc-marine.thubert.net 300 IN A 192.168.3.33: timed out.
Jan 28 11:54:59 delta dhcpd: if pc-stephane.thubert.net IN A rrset doesn't
exist add pc-stephane.thubert.net 300 IN A 192.168.1.11: timed out.
Jan 28 11:55:46 delta dhcpd: if pc-marine.thubert.net IN A rrset doesn't
exist add pc-marine.thubert.net 300 IN A 192.168.3.33: timed out.
#########################################################################################################
$ cat /var/named/etc/namedb/named.conf
## named.conf - configuration for bind
#
# Include multiple views for external & internal DNS resolution
#key "rndc-key" {
# algorithm hmac-md5;
# secret "secret =)";
#};
##################################################################################################
## Let's define Access Control Lists
##################################################################################################
acl pc-stephane { 192.168.1.11; };
acl pc-patrick { 192.168.2.22; };
acl pc-marine { 192.168.3.33; };
acl pc-invite { 192.168.123.123; };
acl localh { 127.0.0.0/8; };
acl internet { !pc-stephane; !pc-patrick; !pc-marine; !pc-invite;
!localh; any; };
acl dnssec_xname { 195.20.105.149; 193.23.158.13; };
acl dnssec_amen { 62.193.206.141; 217.174.202.225; };
options {
listen-on { any; };
query-source address * port 53;
# everything is forbidden...
allow-transfer { none; };
allow-query { any; };
allow-recursion { pc-stephane; pc-patrick; pc-marine; pc-invite; localh; };
directory "/etc/namedb/";
zone-statistics yes;
version "I hope this is a joke !";
};
#controls {
# inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
#};
##################################################################################################
## Internal view for pc-stephane
##################################################################################################
view intranet_view_pc-stephane {
match-clients { pc-stephane; };
zone "." IN {
type hint;
file "master/named.root";
};
zone "ac" { type delegation-only; };
zone "cc" { type delegation-only; };
zone "com" { type delegation-only; };
zone "cx" { type delegation-only; };
zone "museum" { type delegation-only; };
zone "net" { type delegation-only; };
zone "nu" { type delegation-only; };
zone "sh" { type delegation-only; };
zone "tm" { type delegation-only; };
zone "ws" { type delegation-only; };
#########################################################################################
## Local zones
##
zone "0.0.127.in-addr.arpa" IN {
type master;
file "master/local.in-addr.arpa.zone";
};
## zone "localhost" IN {
## type master;
## file "master/local.zone";
## };
#########################################################################################
## Public zones
##
zone "pc-stephane.thubert.net" IN {
type master;
file "master/pc-stephane.thubert.net.zone";
## allow-transfer { pc-stephane; };
};
zone "sur-le-web.com" IN {
type master;
file "master/sur-le-web.com.zone";
## allow-transfer { pc-stephane; };
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "master/1.168.192.in-addr.arpa.zone";
notify no;
};
};
##################################################################################################
## Internal view for pc-patrick
##################################################################################################
view intranet_view_pc-patrick {
match-clients { pc-patrick; };
zone "." IN {
type hint;
file "master/named.root";
};
zone "ac" { type delegation-only; };
zone "cc" { type delegation-only; };
zone "com" { type delegation-only; };
zone "cx" { type delegation-only; };
zone "museum" { type delegation-only; };
zone "net" { type delegation-only; };
zone "nu" { type delegation-only; };
zone "sh" { type delegation-only; };
zone "tm" { type delegation-only; };
zone "ws" { type delegation-only; };
#########################################################################################
## Local zones
##
zone "0.0.127.in-addr.arpa" IN {
type master;
file "master/local.in-addr.arpa.zone";
};
## zone "localhost" IN {
## type master;
## file "master/local.zone";
## };
#########################################################################################
## Public zones
##
zone "pc-patrick.thubert.net" IN {
type master;
file "master/pc-patrick.thubert.net.zone";
## allow-transfer { pc-patrick; };
};
zone "sur-le-web.com" IN {
type master;
file "master/sur-le-web.com.zone";
## allow-transfer { pc-patrick; };
};
zone "2.168.192.in-addr.arpa" IN {
type master;
file "master/2.168.192.in-addr.arpa.zone";
notify no;
};
};
##################################################################################################
## Internal view for pc-marine
##################################################################################################
view intranet_view_pc-marine {
match-clients { pc-marine; };
zone "." IN {
type hint;
file "master/named.root";
};
zone "ac" { type delegation-only; };
zone "cc" { type delegation-only; };
zone "com" { type delegation-only; };
zone "cx" { type delegation-only; };
zone "museum" { type delegation-only; };
zone "net" { type delegation-only; };
zone "nu" { type delegation-only; };
zone "sh" { type delegation-only; };
zone "tm" { type delegation-only; };
zone "ws" { type delegation-only; };
#########################################################################################
## Local zones
##
zone "0.0.127.in-addr.arpa" IN {
type master;
file "master/local.in-addr.arpa.zone";
};
## zone "localhost" IN {
## type master;
## file "master/local.zone";
## };
#########################################################################################
## Public zones
##
zone "pc-marine.thubert.net" IN {
type master;
file "master/pc-marine.thubert.net.zone";
## allow-transfer { pc-marine; };
};
zone "sur-le-web.com" IN {
type master;
file "master/sur-le-web.com.zone";
## allow-transfer { pc-marine; };
};
zone "3.168.192.in-addr.arpa" IN {
type master;
file "master/3.168.192.in-addr.arpa.zone";
notify no;
};
};
##################################################################################################
## Internal view for pc-invite
##################################################################################################
view intranet_view_pc-invite {
match-clients { pc-invite; };
zone "." IN {
type hint;
file "master/named.root";
};
zone "ac" { type delegation-only; };
zone "cc" { type delegation-only; };
zone "com" { type delegation-only; };
zone "cx" { type delegation-only; };
zone "museum" { type delegation-only; };
zone "net" { type delegation-only; };
zone "nu" { type delegation-only; };
zone "sh" { type delegation-only; };
zone "tm" { type delegation-only; };
zone "ws" { type delegation-only; };
#########################################################################################
## Local zones
##
zone "0.0.127.in-addr.arpa" IN {
type master;
file "master/local.in-addr.arpa.zone";
};
## zone "localhost" IN {
## type master;
## file "master/local.zone";
## };
#########################################################################################
## Public zones
##
zone "pc-invite.thubert.net" IN {
type master;
file "master/pc-invite.thubert.net.zone";
## allow-transfer { pc-invite; };
};
zone "sur-le-web.com" IN {
type master;
file "master/sur-le-web.com.zone";
## allow-transfer { pc-invite; };
};
zone "123.168.192.in-addr.arpa" IN {
type master;
file "master/123.168.192.in-addr.arpa.zone";
notify no;
};
};
##################################################################################################
## External View
##################################################################################################
view internet_view {
match-clients { internet; };
zone "." IN {
type hint;
file "master/named.root";
};
zone "ac" { type delegation-only; };
zone "cc" { type delegation-only; };
zone "com" { type delegation-only; };
zone "cx" { type delegation-only; };
zone "museum" { type delegation-only; };
zone "net" { type delegation-only; };
zone "nu" { type delegation-only; };
zone "sh" { type delegation-only; };
zone "tm" { type delegation-only; };
zone "ws" { type delegation-only; };
#########################################################################################
## Local zones
##
zone "0.0.127.in-addr.arpa" IN {
type master;
file "master/local.in-addr.arpa.zone";
};
## zone "localhost" IN {
## type master;
## file "master/local.zone";
## };
#########################################################################################
#########################################################################################
zone "thubert.net" IN {
type master;
file "master/thubert.net.zone.ext";
allow-transfer { dnssec_amen; };
};
zone "sur-le-web.com" IN {
type master;
file "master/sur-le-web.com.zone";
allow-transfer { dnssec_xname; };
};
};
#########################################################################################################
$ cat /var/named/etc/namedb/master/pc-stephane.thubert.net.zone
$ORIGIN .
$TTL 86400 ; 1 day
thubert.net IN SOA ns.thubert.net. hostmaster.thubert.net. (
2005012802 ; serial
7200 ; refresh (2 hours)
7200 ; retry (2 hours)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns.thubert.net.
A 192.168.1.1
MX 0 mail.thubert.net.
$ORIGIN thubert.net.
pc-stephane A 192.168.1.11
pc-patrick A 192.168.2.22
pc-marine A 192.168.3.33
pc-invite A 192.168.123.123
* A 192.168.1.1
#########################################################################################################
$ cat /var/named/etc/namedb/master/pc-patrick.thubert.net.zone
$ORIGIN .
$TTL 86400 ; 1 day
thubert.net IN SOA ns.thubert.net. hostmaster.thubert.net. (
2005012802 ; serial
7200 ; refresh (2 hours)
7200 ; retry (2 hours)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns.thubert.net.
A 192.168.2.1
MX 0 mail.thubert.net.
$ORIGIN thubert.net.
pc-stephane A 192.168.1.11
pc-patrick A 192.168.2.22
pc-marine A 192.168.3.33
pc-invite A 192.168.123.123
* A 192.168.2.1
#########################################################################################################
$ cat /var/named/etc/namedb/master/1.168.192.in-addr.arpa.zone
$ORIGIN .
$TTL 86400 ; 1 day
1.168.192.in-addr.arpa IN SOA ns.thubert.net. hostmaster.thubert.net. (
2005012802 ; serial
7200 ; refresh (2 hours)
7200 ; retry (2 hours)
604800 ; expire (1 week)
86400 ; minimum (1
)
NS ns.thubert.net.
$ORIGIN 1.168.192.in-addr.arpa.
1 PTR delta.thubert.net.
11 PTR pc-stephane.thubert.net.
#########################################################################################################
$ cat /var/named/etc/namedb/master/2.168.192.in-addr.arpa.zone
$ORIGIN .
$TTL 86400 ; 1 day
2.168.192.in-addr.arpa IN SOA ns.thubert.net. hostmaster.thubert.net. (
2005012802 ; serial
7200 ; refresh (2 hours)
7200 ; retry (2 hours)
604800 ; expire (1 week)
86400 ; minimum (1
)
NS ns.thubert.net.
$ORIGIN 2.168.192.in-addr.arpa.
1 PTR delta.thubert.net.
22 PTR pc-patrick.thubert.net.
#########################################################################################################
$ cat local.in-addr.arpa.zone
$TTL 86400 ; 1 day
@ IN SOA thubert.net. hostmaster.thubert.net. (
2005012811 ; serial
28800 ; refresh
7200 ; retry
604800 ; expire
86400) ; minimum TTL
NS thubert.net.
1 PTR localhost.
#########################################################################################################
$ cat thubert.net.zone.ext
$TTL 86400 ; 1 day
@ IN SOA ns.thubert.net. hostmaster.thubert.net. (
2005012802 ; serial
7200 ; refresh (8 hours)
7200 ; retry (2 hours)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
IN NS ns.thubert.net.
IN NS ns1.amen.fr.
IN NS ns2.amen.fr.
IN A 81.56.177.232
IN MX 0 mail.thubert.net.
* IN A 81.56.177.232
#########################################################################################################
$ cat sur-le-web.com.zone
$TTL 86400 ; 1 day
@ IN SOA ns.sur-le-web.com. hostmaster.sur-le-web.com. (
2005012802 ; serial
7200 ; refresh (8 hours)
7200 ; retry (2 hours)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
IN NS ns.sur-le-web.com.
IN NS ns0.xname.org.
IN NS ns1.xname.org.
IN A 81.56.177.232
* IN A 81.56.177.232
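
Added example (not part of the original post): a small Python check that replays the pc-stephane.thubert.net zone file against the name in its zone statement and reproduces the lines named reports as out-of-zone, plus the SOA/NS count left at the apex. The parser is a simplified one written for this illustration, and the indentation of the ownerless lines is an assumption, since the archive stripped leading whitespace.

```python
ZONE = "pc-stephane.thubert.net."  # name given in the zone "..." statement
# The file from the post. Indentation of the ownerless lines is an assumption:
# it is restored here because the list archive stripped leading whitespace.
ZONE_TEXT = """\
$ORIGIN .
$TTL 86400 ; 1 day
thubert.net IN SOA ns.thubert.net. hostmaster.thubert.net. (
    2005012802 ; serial
    7200 ; refresh (2 hours)
    7200 ; retry (2 hours)
    604800 ; expire (1 week)
    86400 ; minimum (1 day)
    )
    NS ns.thubert.net.
    A 192.168.1.1
    MX 0 mail.thubert.net.
$ORIGIN thubert.net.
pc-stephane A 192.168.1.11
pc-patrick A 192.168.2.22
pc-marine A 192.168.3.33
pc-invite A 192.168.123.123
* A 192.168.1.1
"""

def absolute(name, origin):
    """Qualify an owner name against the current $ORIGIN ('@' means the origin)."""
    name = origin if name == "@" else name
    return (name if name.endswith(".") else name + "." + origin.lstrip(".")).lower()

def check_zone(text, zone):
    """Return (ignored, kept): out-of-zone owners by line, and in-zone (owner, type)."""
    origin, owner, inside, depth = zone, None, False, 0
    ignored, kept = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]                # strip comment
        tokens = line.replace("(", " ").replace(")", " ").split()
        continued = depth > 0                      # inside a multi-line ( ... ) record
        depth += line.count("(") - line.count(")")
        if not tokens or continued or tokens[0] == "$TTL":
            continue
        if tokens[0] == "$ORIGIN":
            origin = absolute(tokens[1], origin)
            continue
        if not raw[0].isspace():                   # explicit owner, else inherit previous
            owner = absolute(tokens.pop(0), origin)
            inside = owner == zone or owner.endswith("." + zone)
            if not inside:
                ignored.append((lineno, owner))
        if inside:                                 # record type: first token after TTL/class
            kept.append((owner, next((t for t in tokens if t != "IN" and not t.isdigit()), None)))
    return ignored, kept

def apex_counts(kept, zone):
    return tuple(sum(o == zone and t == rr for o, t in kept) for rr in ("SOA", "NS"))

if __name__ == "__main__":
    ignored, kept = check_zone(ZONE_TEXT, ZONE)
    print("ignored:", ignored)
    print("SOA, NS at apex:", apex_counts(kept, ZONE))
```

The reported line numbers (3, 15, 16, 17, 18) match the named messages in the log above, and the apex count of zero SOA and zero NS records corresponds to the "has 0 SOA records" and "has no NS records" lines.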