Views and no answers ...

Thomas Schweikle tps at vr-web.de
Sat Jun 18 04:08:51 UTC 2011


Hi!

I have set up a view for one site. It is bound to change answers as
necessary for different IP-ranges. It works as far as I could see.
But with one ip-range there is a problem ...

I can query internal addresses:
!user at kvm2~# host intweb.example.de
!intweb.example.de has address 192.168.180.46

But external ones do not work:
!user at kvm2:~# host google.com
!user at kvm2:~#

The host I am trying on has address 192.168.112.4 and I've set up my
view as:
!view "ex" {
!        match-clients { 192.168.112.0/23; };
!        recursion yes;
!
!        include "/etc/named/master/rootns.conf";
!        include "/etc/named/master/localhost.conf";
!        include "/etc/named/master/empty.conf";
!
!        zone "example.de." {
!                type master;
!                allow-transfer { key "mskey"; };
!                notify no;
!                file "/etc/named/zhz/fwd.example";
!        };
!        zone "mgm.example.de." {
!                type master;
!                allow-transfer { key "mskey"; };
!                notify no;
!                file "/etc/named/zin/fwd.example.mgm";
!        };
!
!        zone "1.168.192.in-addr.arpa." {
!                type master;
!                allow-transfer { key "mskey"; };
!                notify no;
!                file "/etc/named/zin/rev.192.168.1";
!        };
!        zone "112.168.192.in-addr.arpa." {
!                type master;
!                allow-transfer { key "mskey"; };
!                notify no;
!                file "/etc/named/zin/rev.192.168.112";
!        };
!        zone "113.168.192.in-addr.arpa." {
!                type master;
!                allow-transfer { key "mskey"; };
!                notify no;
!                file "/etc/named/zin/rev.192.168.113";
!        };
!        zone "180.168.192.in-addr.arpa." {
!                type master;
!                allow-transfer { key "mskey"; };
!                notify no;
!                file "/etc/named/zin/rev.192.168.180";
!        };
!        zone "181.168.192.in-addr.arpa." {
!                type master;
!                allow-transfer { key "mskey"; };
!                notify no;
!                file "/etc/named/zin/rev.192.168.181";
!        };
!
!        zone "hz.example.de." {
!                type master;
!                allow-transfer { key "mskey"; };
!                file "/var/lib/named/fwd.example.hz";
!                allow-update { key "examplekey"; };
!        };
!        zone "in.example.de." {
!                type master;
!                allow-transfer { key "mskey"; };
!                file "/var/lib/named/fwd.example.in";
!                allow-update { key "examplekey"; };
!        };
!        zone "no.example.de." {
!                type master;
!                allow-transfer { key "mskey"; };
!                file "/var/lib/named/fwd.example.no";
!                allow-update { key "examplekey"; };
!        };
!
!        zone "1.168.192.in-dyn.arpa." {
!                type master;
!                allow-transfer { key "mskey"; };
!                file "/var/lib/named/rev.192.168.1";
!                allow-update { key "examplekey"; };
!        };
!        zone "112.168.192.in-dyn.arpa." {
!                type master;
!                allow-transfer { key "mskey"; };
!                file "/var/lib/named/rev.192.168.112";
!                allow-update { key "examplekey"; };
!        };
!        zone "113.168.192.in-dyn.arpa." {
!                type master;
!                allow-transfer { key "mskey"; };
!                file "/var/lib/named/rev.192.168.113";
!                allow-update { key "examplekey"; };
!        };
!        zone "180.168.192.in-dyn.arpa." {
!                type master;
!                allow-transfer { key "mskey"; };
!                file "/var/lib/named/rev.192.168.180";
!                allow-update { key "examplekey"; };
!        };
!        zone "181.168.192.in-dyn.arpa." {
!                type master;
!                allow-transfer { key "mskey"; };
!                file "/var/lib/named/rev.192.168.181";
!                allow-update { key "examplekey"; };
!        };
!};

Any idea why the server resolves internal names, but no external
ones to this view, while it does answer internal and external names
to an other view (same setup, only a different "view"-line)?

!view "no" {
!        match-clients { 127.0.0.1/8; 192.168.180.0/23; };
!        recursion yes;
![... same as above ...]

I've set up query logging, but this just tells me queries are
correctly processed. But not why no answer was sent.

-- 
Thomas

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 219 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110618/0c76b11d/attachment.bin>


More information about the bind-users mailing list