Issues with loop

Jonathan Petersson jpetersson at garnser.se
Fri Jul 11 02:06:00 UTC 2008


Hi everyone.

I recently took a couple of new DNS servers online and have stumbled
upon an issue. These servers are hosting a couple of reverse zones and
allow recursive lookups for our own external networks. This seems to
cause a loop when looking up records of the hosted zones.

Could anyone recommend another approach to allow recursive lookups for
known networks and still only allow queries for the authoritative
zones to the rest of the Internet?

(The networks in this config are not ours)

Thanks

# Global server options; they apply to every view unless a view overrides them.
options {
        # NOTE(review): pinning outgoing queries to source port 53 turns off
        # source-port randomisation. On a server that recurses (view "known"
        # does), a predictable source port makes forged answers much easier
        # to get accepted into the cache. "query-source address *;" keeps the
        # address choice and lets named pick the port; the firewall then has
        # to allow replies to those ports.
        query-source address * port 53;

        # Working directory; the relative data/ paths below resolve against it.
        directory "/var/named";
        dump-file               "data/cache_dump.db";
        statistics-file         "data/named_stats.txt";
        memstatistics-file      "data/named_mem_stats.txt";

        # Replaces the string returned for version queries. This only hides the
        # banner; it does not reduce exposure of an unpatched server.
        version "surely you must be joking";

        # Zone transfers are allowed from localhost and one peer, by source
        # address only.
        # NOTE(review): an address list does not authenticate the peer; a TSIG
        # key on the transfer relationship would.
        allow-transfer {
                127.0.0.1;
                123.123.123.123;
        };

        # Log every incoming query (sent to the "queries" logging category).
        querylog yes;

};

# Logging: a debug channel plus a separate, size-rotated query log.
logging {
        channel default_debug {
                file "/var/log/named.run";
                # "dynamic" follows the server's current debug level.
                severity dynamic;
        };

        channel query_log {
                # Rotate at 40 MB and keep three old versions.
                file "/var/log/querylog" versions 3 size 40m;
                # Prefix each entry with a timestamp.
                print-time yes;
        };

        # NOTE(review): the query log records which client asked for which
        # name; keep the file readable only by the DNS administrators and
        # decide how long it needs to be retained.
        category queries { query_log; };
};

# View for the trusted networks. Views are tried in the order they appear, so a
# client matched here is never served from view "all".
view "known" {
        match-clients {
                127.0.0.1;
                122.0.0.0/24;         # Allowed network
        };

        # Recursive service is offered to the matched clients only.
        recursion yes;

        # NOTE(review): 0.0.122.in-addr.arpa is not defined in this view (unless
        # one of the included files declares it, which cannot be seen from here).
        # A matched client asking for a name in that zone is therefore answered
        # by recursion instead of from the slave copy in view "all". If the
        # delegation points back at this server and the server's own source
        # address is inside the matched ranges, the query re-enters this view,
        # which is the likely cause of the reported loop. Declaring the zone in
        # this view as well, or dropping the views and limiting recursion with
        # an allow-recursion ACL in options, avoids it.
        # Root hints and, presumably, the stock localhost zones - confirm the
        # contents of both files.
        include "/etc/named.root.hints";
        include "/etc/named.rfc1912.zones";
};

# Catch-all view for every client not matched by an earlier view.
view "all" {
        match-clients { any; };
        # Recursion is refused here, so the server is not an open resolver for
        # the Internet at large; only the zone below is answered.
        recursion no;

     # Slave copy of the reverse zone, transferred from the listed master.
     # NOTE(review): the zone is visible only to clients that reach this view.
     # If it is also declared as a slave in another view, give that copy its
     # own file name; two views must not write the same slave file.
     # NOTE(review): the master is identified by address only; a TSIG key would
     # authenticate the transfer.
     zone "0.0.122.in-addr.arpa" IN {
          type slave;
          file "slaves/122.0.0";
          masters { 123.123.123.123; };
     };
};

