9.7.0a2 - deny-answer-addresses

Jeremy C. Reed jreed at isc.org
Fri Aug 21 15:42:31 UTC 2009


On Fri, 21 Aug 2009, clemens fischer wrote:

> BIND 9.7.0a2 built with '--prefix=/opt/bind/9.7.0a2'
> '--with-openssl=yes' '--disable-linux-caps'
> '--sysconfdir=/usr/local/etc' '--localstatedir=/var' 'CFLAGS=-O'

Thank you very much for testing the alpha release.

>   deny-answer-addresses {
>       127/8; 192.168/16; 10/8; 172.16/12;
>   } except-from {
>       "zen.spamhaus.org";
>       "dnsbl-1.uceprotect.net";
>       "dnsbl-1.uceprotect.net";

This is repeated, resulting in "already exists" (via the RBT code).

Maybe we can improve the configuration failure logging for this.

>       "ix.dnsbl.manitu.net";
>   };
> 
> I get:
> 
>   received SIGHUP signal to reload zones
>   loading configuration from '/usr/local/etc/named.conf'
>   ...
>   reloading configuration failed: already exists
>  
> Putting a suitably modified version of "deny-answer-addresses" into
> a forwarder zone returns:

Not supported in a type forward zone.




More information about the bind-users mailing list