Views and no answers ...

Kevin Darcy kcd at chrysler.com
Mon Jun 20 22:21:39 UTC 2011


On 6/18/2011 12:08 AM, Thomas Schweikle wrote:
> Hi!
>
> I have set up a view for one site. It is bound to change answers as
> necessary for different IP-ranges. It works as far as I could see.
> But with one ip-range there is a problem ...
>
> I can query internal addresses:
> !user@kvm2~# host intweb.example.de
> !intweb.example.de has address 192.168.180.46
>
> But external ones do not work:
> !user@kvm2:~# host google.com
> !user@kvm2:~#
>
> The host I am trying on has address 192.168.112.4 and I've set up my
> view as:
> !view "ex" {
> !        match-clients { 192.168.112.0/23; };
> !        recursion yes;
> !
> !        include "/etc/named/master/rootns.conf";
> !        include "/etc/named/master/localhost.conf";
> !        include "/etc/named/master/empty.conf";
> !
> !        zone "example.de." {
> !                type master;
> !                allow-transfer { key "mskey"; };
> !                notify no;
> !                file "/etc/named/zhz/fwd.example";
> !        };
> !        zone "mgm.example.de." {
> !                type master;
> !                allow-transfer { key "mskey"; };
> !                notify no;
> !                file "/etc/named/zin/fwd.example.mgm";
> !        };
> !
> !        zone "1.168.192.in-addr.arpa." {
> !                type master;
> !                allow-transfer { key "mskey"; };
> !                notify no;
> !                file "/etc/named/zin/rev.192.168.1";
> !        };
> !        zone "112.168.192.in-addr.arpa." {
> !                type master;
> !                allow-transfer { key "mskey"; };
> !                notify no;
> !                file "/etc/named/zin/rev.192.168.112";
> !        };
> !        zone "113.168.192.in-addr.arpa." {
> !                type master;
> !                allow-transfer { key "mskey"; };
> !                notify no;
> !                file "/etc/named/zin/rev.192.168.113";
> !        };
> !        zone "180.168.192.in-addr.arpa." {
> !                type master;
> !                allow-transfer { key "mskey"; };
> !                notify no;
> !                file "/etc/named/zin/rev.192.168.180";
> !        };
> !        zone "181.168.192.in-addr.arpa." {
> !                type master;
> !                allow-transfer { key "mskey"; };
> !                notify no;
> !                file "/etc/named/zin/rev.192.168.181";
> !        };
> !
> !        zone "hz.example.de." {
> !                type master;
> !                allow-transfer { key "mskey"; };
> !                file "/var/lib/named/fwd.example.hz";
> !                allow-update { key "examplekey"; };
> !        };
> !        zone "in.example.de." {
> !                type master;
> !                allow-transfer { key "mskey"; };
> !                file "/var/lib/named/fwd.example.in";
> !                allow-update { key "examplekey"; };
> !        };
> !        zone "no.example.de." {
> !                type master;
> !                allow-transfer { key "mskey"; };
> !                file "/var/lib/named/fwd.example.no";
> !                allow-update { key "examplekey"; };
> !        };
> !
> !        zone "1.168.192.in-dyn.arpa." {
> !                type master;
> !                allow-transfer { key "mskey"; };
> !                file "/var/lib/named/rev.192.168.1";
> !                allow-update { key "examplekey"; };
> !        };
> !        zone "112.168.192.in-dyn.arpa." {
> !                type master;
> !                allow-transfer { key "mskey"; };
> !                file "/var/lib/named/rev.192.168.112";
> !                allow-update { key "examplekey"; };
> !        };
> !        zone "113.168.192.in-dyn.arpa." {
> !                type master;
> !                allow-transfer { key "mskey"; };
> !                file "/var/lib/named/rev.192.168.113";
> !                allow-update { key "examplekey"; };
> !        };
> !        zone "180.168.192.in-dyn.arpa." {
> !                type master;
> !                allow-transfer { key "mskey"; };
> !                file "/var/lib/named/rev.192.168.180";
> !                allow-update { key "examplekey"; };
> !        };
> !        zone "181.168.192.in-dyn.arpa." {
> !                type master;
> !                allow-transfer { key "mskey"; };
> !                file "/var/lib/named/rev.192.168.181";
> !                allow-update { key "examplekey"; };
> !        };
> !};
>
> Any idea why the server resolves internal names, but no external
> ones to this view, while it does answer internal and external names
> to another view (same setup, only a different "view"-line)?
>
> !view "no" {
> !        match-clients { 127.0.0.1/8; 192.168.180.0/23; };
> !        recursion yes;
> ![... same as above ...]
>
> I've set up query logging, but this just tells me queries are
> correctly processed. But not why no answer was sent.

1. Turn on query logging. See where the query is coming from and what
view is being matched.
2. What's in those "include" files? You're not showing a complete
picture of your config.
3. What on earth is "in-dyn.arpa"?
4. What's with all the trailing dots in your zone names? At the very
least, they occupy unnecessary space; at the worst, they might be
confusing named.

- Kevin
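
Items 1, 3 and 4 of the reply as an added example (not code from the thread or from BIND): a Python check that reports which view a source address selects, given that named uses the first view in configuration order whose match-clients matches, and lists zone names with trailing dots or `.arpa` suffixes outside `in-addr.arpa`/`ip6.arpa`. The configuration is a constructed abbreviation of the quoted one; `parse_views`, `matched_view` and `zone_findings` are hypothetical names, and only literal address/prefix entries in match-clients are handled.

```python
import ipaddress
import re

# Constructed sample: abbreviated from the configuration quoted in the thread.
SAMPLE_CONF = '''
view "ex" {
        match-clients { 192.168.112.0/23; };
        zone "example.de." { type master; };
        zone "112.168.192.in-addr.arpa." { type master; };
        zone "112.168.192.in-dyn.arpa." { type master; };
};
view "no" {
        match-clients { 127.0.0.1/8; 192.168.180.0/23; };
        zone "example.de." { type master; };
};
'''
VIEW_RE = re.compile(r'view\s+"([^"]+)"\s*\{')
ACL_RE = re.compile(r'match-clients\s*\{([^}]*)\}')
ZONE_RE = re.compile(r'zone\s+"([^"]+)"')
ANY = [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]

def parse_views(conf):
    """Return [(view, [networks], [zone names])] in definition order."""
    parts = VIEW_RE.split(conf)[1:]  # name1, body1, name2, body2, ...
    views = []
    for name, body in zip(parts[0::2], parts[1::2]):
        acl = ACL_RE.search(body)  # a view without match-clients matches any source
        # Assumes literal address/prefix entries only; strict=False accepts host bits (127.0.0.1/8).
        nets = [ipaddress.ip_network(e.strip(), strict=False)
                for e in acl.group(1).split(";") if e.strip()] if acl else ANY
        views.append((name, nets, ZONE_RE.findall(body)))
    return views

def matched_view(views, client):
    """First view, in definition order, whose match-clients covers the source."""
    addr = ipaddress.ip_address(client)
    return next((v for v, nets, _ in views if any(addr in n for n in nets)), None)

def zone_findings(views):
    """Flag the zone-name points raised in the reply (items 3 and 4)."""
    out = []
    for view, _, zones in views:
        for z in zones:
            bare = z.rstrip(".")
            if z.endswith("."):
                out.append((view, z, "trailing dot"))
            if bare.endswith(".arpa") and not bare.endswith((".in-addr.arpa", ".ip6.arpa")):
                out.append((view, z, "arpa name outside in-addr.arpa/ip6.arpa"))
    return out
```

Calling `matched_view(parse_views(SAMPLE_CONF), "192.168.112.4")` gives the view name to compare with the one that appears in the query log for that client.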



