Problems with upgrade to 9.5.1b1

Chris Buxton cbuxton at menandmice.com
Tue Jul 15 17:54:12 UTC 2008


Rob,

This change was made at 9.4: The default for "allow-recursion" is no  
longer "{ any; }". It's now "{ localhost; localnets; }".

To fix this, set your allow-recursion explicitly to permit recursive  
queries from your subnets.

Chris Buxton
Professional Services
Men & Mice

On Jul 15, 2008, at 9:34 AM, Rob Tanner wrote:

> I'm running bind 9.3.4 (a Fedora Core distro version) and trying to
> upgrade to (technically, replace it with) 9.5.1b1.  I simply ran
> configure (no options) and make and then installed it.  Since it
> installs in /usr/local, that doesn't create a problem as I can run one
> version of the other.
> I'm doing initial testing with nslookup and the problem I'm seeing  
> with
> 9.5.1b1 is that while it correctly resolves in all cases for host  
> names
> and IP addresses that are local (i.e., names/addresses for which it's
> authoritative), when I try other lookups, for instance, www.cnn.com,
> nslookup I get different results, depending on whether or not the  
> query
> is coming from a machine in the same address segment is the DNS  
> server.
> Queries coming from machine within the same IP segment as the DNS  
> server
> work fine.  Queries coming from machines in different address segments
> get th response:
>
>                  ** server can't find <host name>: REFUSED
>
> At the same time I get a log entry like:
>
>   client 10.219.255.250#39750: view internal: query (cache)
> 'www.cnn.com/A/IN' denied
>
> I get this using the same db files and named.conf file that 9.3.4 runs
> against and I don't have this problem with 9.3.4.  I'm assuming that
> it's some sort of configuration issue, but I don't know what.  Any
> ideas?  Would it help if I posted my named.conf file (or would I
> becreating an issue for mself by making that file public).
>
> Thanks,
>
> Rob Tanner
> UNIX Service Manager
> Linfield College
>
>
>
>



More information about the bind-users mailing list