split-view DNS not working for my internal zone...
Kevin Darcy
kcd at chrysler.com
Thu Sep 18 21:01:39 UTC 2008
It's not a view problem, apparently. SERVFAIL can be caused by any
number of things.
Start with the basic stuff. Look at the logs. Did the zone load
properly? Etc. etc. etc.
- Kevin
Evert wrote:
> The problem persists after changing the ACL to localnets.
>
>
> Greetings,
> Evert
>
> Kevin Darcy wrote:
>
>> Evert wrote:
>>
>>> Hi all,
>>>
>>> Wrestling a bit with split-view...
>>>
>>> In my named.conf:
>>> -------------------------------------------------
>>> view "internal" {
>>> match-clients { 192.168.24.10/24; };
>>> recursion yes;
>>> notify no;
>>>
>>> zone "." {
>>> type hint;
>>> file "named.ca";
>>> };
>>>
>>>
>>> zone "domain.com" {
>>> type master;
>>> file "local/domain.com.hosts";
>>> };
>>> };
>>> -------------------------------------------------
>>>
>>>
>>>
>>> In local/domain.com.hosts:
>>> -------------------------------------------------
>>> $TTL 3600
>>>
>>> www1 IN A 1.2.3.4
>>> -------------------------------------------------
>>>
>>>
>>> However, when I try a:
>>> nslookup www1.domain.com.
>>>
>>> I get:
>>> -------------------------------------------------
>>> Server: 127.0.0.1
>>> Address: 127.0.0.1#53
>>>
>>> ** server can't find www1.domain.com: SERVFAIL
>>> -------------------------------------------------
>>>
>>>
>>>
>>> The queries.log shows it does go to the correct view:
>>> -------------------------------------------------
>>> 18-Sep-2008 20:21:18.802 client 127.0.0.1#40414: view internal: query:
>>> www1.domain.com IN A +
>>> 18-Sep-2008 20:21:18.803 client 127.0.0.1#53315: view internal: query:
>>> www1.domain.com IN A +
>>> -------------------------------------------------
>>>
>>>
>>> What am I doing wrong here?
>>>
>>>
>>>
>> 192.168.24.10/24 is an illegal specification (masking on the first 3
>> octets, but with bits in the fourth octet?). Did you perhaps mean
>> 192.168.24.0/24?
>>
>> 127.0.0.1 is neither 192.168.24.10 nor in the 192.168.24.0/24 range
>> (depending on what you meant, see above).
>>
>> You might want to include the built-in ACL "localhost" in the
>> match-clients. That ACL includes the addresses of all your local
>> interfaces. "localnets" may be even more convenient, but, depending on
>> your network configuration and the rest of your config, match more than
>> you intend.
>>
>>
>> - Kevin
>>
>>
>>
>
>
>
>
>
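The two points in Kevin's earlier reply (a prefix with host bits set, and a client address outside the match-clients list) can be checked offline. The following is an added example, not part of the original thread: `check_prefix`, `audit_view`, `LOCAL_ADDRS` and `LOCAL_NETS` are hypothetical names, and the interface values standing in for the built-in "localhost" and "localnets" ACLs are constructed.

```python
import ipaddress

# Constructed values: interface addresses/networks of a hypothetical server,
# standing in for what "localhost" and "localnets" would expand to.
LOCAL_ADDRS = ["127.0.0.1", "192.168.24.10"]
LOCAL_NETS = ["127.0.0.0/8", "192.168.24.0/24"]


def check_prefix(entry):
    """Return (network, warning) for one address element of match-clients."""
    try:
        return ipaddress.ip_network(entry, strict=True), None
    except ValueError:
        # Host bits set below the mask, e.g. 192.168.24.10/24.
        net = ipaddress.ip_network(entry, strict=False)
        return net, f"{entry}: host bits set, did you mean {net}?"


def audit_view(match_clients, client, local_addrs=(), local_nets=()):
    """Return (warnings, first element that matches client, or None)."""
    client = ipaddress.ip_address(client)
    warnings, matched_by = [], None
    for entry in match_clients:
        if entry == "localhost":
            nets = [ipaddress.ip_network(a) for a in local_addrs]
        elif entry == "localnets":
            nets = [ipaddress.ip_network(n) for n in local_nets]
        else:
            net, warn = check_prefix(entry)
            nets = [net]
            if warn:
                warnings.append(warn)
        if matched_by is None and any(client in n for n in nets):
            matched_by = entry
    return warnings, matched_by


if __name__ == "__main__":
    for acl in (["192.168.24.10/24"],
                ["192.168.24.0/24", "localhost"],
                ["localnets"]):
        print(acl, audit_view(acl, "127.0.0.1", LOCAL_ADDRS, LOCAL_NETS))
```
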