split-view DNS not working for my internal zone...
Kevin Darcy
kcd at chrysler.com
Thu Sep 18 21:49:51 UTC 2008
Evert wrote:
> There we have something! :-)
>
> After modifying domain.com.hosts it works!
> Had to add a SOA, etc:
> -------------------------------------------------
> $TTL 3600
>
> @ IN SOA ns.domain.com. hostmaster.domain.com. (
> 2008091806
> 1800
> 900
> 604800
> 1200 )
>
> @ IN NS ns
> ns IN A 127.0.0.1
> www1 IN A 1.2.3.4
> -------------------------------------------------
>
> I guess the above (excluding the www1) is the absolute minimum for a
> master domain?
>
>
Yes, the minimum for an "empty" zone is an SOA RR and 2 NS RRs. BIND
will accept a zone with a single NS record at the apex, even though
technically that's illegal.
- Kevin
> Kevin Darcy wrote:
>
>> It's not a view problem, apparently. SERVFAIL can be caused by any
>> number of things.
>>
>> Start with the basic stuff. Look at the logs. Did the zone load
>> properly? Etc. etc. etc.
>>
>>
>> - Kevin
>>
>> Evert wrote:
>>
>>> The problem persists after changing the ACL to localnets.
>>>
>>>
>>> Greetings,
>>> Evert
>>>
>>> Kevin Darcy wrote:
>>>
>>>
>>>> Evert wrote:
>>>>
>>>>
>>>>> Hi all,
>>>>>
>>>>> Wrestling a bit with split-view...
>>>>>
>>>>> In my named.conf:
>>>>> -------------------------------------------------
>>>>> view "internal" {
>>>>> match-clients { 192.168.24.10/24; };
>>>>> recursion yes;
>>>>> notify no;
>>>>>
>>>>> zone "." {
>>>>> type hint;
>>>>> file "named.ca";
>>>>> };
>>>>>
>>>>>
>>>>> zone "domain.com" {
>>>>> type master;
>>>>> file "local/domain.com.hosts";
>>>>> };
>>>>> };
>>>>> -------------------------------------------------
>>>>>
>>>>>
>>>>>
>>>>> In local/domain.com.hosts:
>>>>> -------------------------------------------------
>>>>> $TTL 3600
>>>>>
>>>>> www1 IN A 1.2.3.4
>>>>> -------------------------------------------------
>>>>>
>>>>>
>>>>> However, when I try a:
>>>>> nslookup www1.domain.com.
>>>>>
>>>>> I get:
>>>>> -------------------------------------------------
>>>>> Server: 127.0.0.1
>>>>> Address: 127.0.0.1#53
>>>>>
>>>>> ** server can't find www1.domain.com: SERVFAIL
>>>>> -------------------------------------------------
>>>>>
>>>>>
>>>>>
>>>>> The queries.log shows it does go to the correct view:
>>>>> -------------------------------------------------
>>>>> 18-Sep-2008 20:21:18.802 client 127.0.0.1#40414: view internal: query:
>>>>> www1.domain.com IN A +
>>>>> 18-Sep-2008 20:21:18.803 client 127.0.0.1#53315: view internal: query:
>>>>> www1.domain.com IN A +
>>>>> -------------------------------------------------
>>>>>
>>>>>
>>>>> What am I doing wrong here?
>>>>>
>>>>>
>>>>>
>>>>>
>>>> 192.168.24.10/24 is an illegal specification (masking on the first 3
>>>> octets, but with bits in the fourth octet?). Did you perhaps mean
>>>> 192.168.24.0/24?
>>>>
>>>> 127.0.0.1 is neither 192.168.24.10 nor in the 192.168.24.0/24 range
>>>> (depending on what you meant, see above).
>>>>
>>>> You might want to include the built-in ACL "localhost" in the
>>>> match-clients. That ACL includes the addresses of all your local
>>>> interfaces. "localnets" may be even more convenient, but, depending on
>>>> your network configuration and the rest of your config, match more than
>>>> you intend.
>>>>
>>>>
>>>> - Kevin
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>
>
>
>
>
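The two faults diagnosed in this thread (a match-clients prefix with host bits set that does not cover 127.0.0.1, and a zone file with no SOA or NS record at the apex) can be checked before named is reloaded. The following Python sketch is an added example, not part of the original messages or of BIND; the function names, the `origin` parameter and the simplified zone-file parsing (apex written as `@` or the origin name, no $ORIGIN/$INCLUDE handling) are assumptions.

```python
import ipaddress
import re

# Zone files copied from the thread: the first gave SERVFAIL, the second works.
BROKEN_ZONE = "$TTL 3600\n\nwww1 IN A 1.2.3.4\n"
FIXED_ZONE = """$TTL 3600
@ IN SOA ns.domain.com. hostmaster.domain.com. (
    2008091806
    1800
    900
    604800
    1200 )
@ IN NS ns
ns IN A 127.0.0.1
www1 IN A 1.2.3.4
"""

def check_match_client(entry, client):
    """Return (problem, matches) for one match-clients prefix and a client IP."""
    try:
        net, problem = ipaddress.ip_network(entry, strict=True), None
    except ValueError:
        # Host bits set below the mask, e.g. 192.168.24.10/24.
        net = ipaddress.ip_network(entry, strict=False)
        problem = f"{entry} has host bits set; did you mean {net}?"
    return problem, ipaddress.ip_address(client) in net

def zone_problems(zone_text, origin="domain.com."):
    """List missing apex records; simplified parser (assumption: no $ORIGIN/$INCLUDE)."""
    text = re.sub(r";[^\n]*", "", zone_text)                  # strip comments
    text = re.sub(r"\(([^)]*)\)",                             # fold ( ... ) records
                  lambda m: m.group(1).replace("\n", " "), text)
    counts, owner = {"SOA": 0, "NS": 0}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():        # leading blank inherits the previous owner
            owner = fields.pop(0)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                # skip optional TTL and class
        if owner in ("@", origin) and fields and fields[0].upper() in counts:
            counts[fields[0].upper()] += 1
    problems = []
    if counts["SOA"] != 1:
        problems.append("apex needs exactly one SOA record")
    if counts["NS"] == 0:
        problems.append("apex has no NS record")
    return problems
```

Calling `check_match_client("192.168.24.10/24", "127.0.0.1")` flags the host bits and shows the loopback client is outside the prefix, and `zone_problems(BROKEN_ZONE)` lists both missing apex records.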