split-view DNS not working for my internal zone...

Kevin Darcy kcd at chrysler.com
Thu Sep 18 21:01:39 UTC 2008


It's not a view problem, apparently. SERVFAIL can be caused by any 
number of things.

Start with the basic stuff. Look at the logs. Did the zone load 
properly? Etc. etc. etc.

                                                                         
      - Kevin

Evert wrote:
> The problem persists after changing the ACL to localnets.
>
>
> Greetings,
> 	Evert
>
> Kevin Darcy wrote:
>   
>> Evert wrote:
>>     
>>> Hi all,
>>>
>>> Wrestling a bit with split-view...
>>>
>>> In my named.conf:
>>> -------------------------------------------------
>>> view "internal" {
>>>          match-clients { 192.168.24.10/24; };
>>>          recursion yes;
>>> 	notify no;
>>>
>>>          zone "." {
>>>                  type hint;
>>>                  file "named.ca";
>>>                  };
>>>
>>>
>>> zone "domain.com" {
>>>                  type master;
>>>                  file "local/domain.com.hosts";
>>>          };
>>> };
>>> -------------------------------------------------
>>>
>>>
>>>
>>> In local/domain.com.hosts:
>>> -------------------------------------------------
>>> $TTL 3600
>>>
>>> www1    IN A    1.2.3.4
>>> -------------------------------------------------
>>>
>>>
>>> However, when I try a:
>>>     nslookup www1.domain.com.
>>>
>>> I get:
>>> -------------------------------------------------
>>> Server:         127.0.0.1
>>> Address:        127.0.0.1#53
>>>
>>> ** server can't find www1.domain.com: SERVFAIL
>>> -------------------------------------------------
>>>
>>>
>>>
>>> The queries.log shows it does go to the correct view:
>>> -------------------------------------------------
>>> 18-Sep-2008 20:21:18.802 client 127.0.0.1#40414: view internal: query: 
>>> www1.domain.com IN A +
>>> 18-Sep-2008 20:21:18.803 client 127.0.0.1#53315: view internal: query: 
>>> www1.domain.com IN A +
>>> -------------------------------------------------
>>>
>>>
>>> What am I doing wrong here?
>>>
>>>   
>>>       
>> 192.168.24.10/24 is an illegal specification (masking on the first 3 
>> octets, but with bits in the fourth octet?). Did you perhaps mean 
>> 192.168.24.0/24?
>>
>> 127.0.0.1 is neither 192.168.24.10 nor in the 192.168.24.0/24 range 
>> (depending on what you meant, see above).
>>
>> You might want to include the built-in ACL "localhost" in the 
>> match-clients. That ACL includes the addresses of all your local 
>> interfaces. "localnets" may be even more convenient, but, depending on 
>> your network configuration and the rest of your config, match more than 
>> you intend.
>>
>>                                                                          
>>             - Kevin
>>
>>
>>     
>
>
>
>
>   
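
Kevin's match-clients points from the quoted reply, worked through as an added example (not code from the thread or from BIND): Python's `ipaddress` module flags the host bits in 192.168.24.10/24 and shows which clients each ACL variant admits. The interface list, and the modeling of the built-in "localhost" and "localnets" ACLs from it, are assumptions made for illustration.

```python
import ipaddress

# Constructed interface list for the example host (assumption, not from the post).
INTERFACES = ["127.0.0.1/8", "192.168.24.10/24"]


def expand(element, interfaces=INTERFACES):
    """Return (networks, warning) for one match-clients element."""
    ifaces = [ipaddress.ip_interface(i) for i in interfaces]
    if element == "localhost":      # modeled as: every local interface address
        return [ipaddress.ip_network(str(i.ip)) for i in ifaces], None
    if element == "localnets":      # modeled as: every directly attached network
        return [i.network for i in ifaces], None
    try:
        return [ipaddress.ip_network(element)], None
    except ValueError:
        # Host bits set below the mask: report the prefix that was probably meant.
        net = ipaddress.ip_network(element, strict=False)
        return [net], f"{element}: host bits set, did you mean {net}?"


def view_matches(client, match_clients, interfaces=INTERFACES):
    """Return (matched, warnings) for a client address against a match-clients list."""
    addr = ipaddress.ip_address(client)
    matched, warnings = False, []
    for element in match_clients:
        nets, warning = expand(element, interfaces)
        if warning:
            warnings.append(warning)
        matched = matched or any(addr in net for net in nets)
    return matched, warnings


if __name__ == "__main__":
    acls = (["192.168.24.10/24"], ["192.168.24.0/24", "localhost"], ["localnets"])
    for acl in acls:
        for client in ("127.0.0.1", "192.168.24.77", "127.0.0.53"):
            print(acl, client, view_matches(client, acl))
```

With these assumed interfaces, "localnets" admits all of 127.0.0.0/8 and every attached subnet, which is the "match more than you intend" case: any additional interface widens the internal view.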


