Internernal view is answering to external ping
Mark Andrews
marka at isc.org
Thu Aug 1 00:09:39 UTC 2013
Post your *full* config not half of it. How the hell do you expect
people to identify problems unless you give them the neccessary
details.
Do you give you car mechanic only access to the boot when you have
a engine problem?
You said you created views yet you didn't send anything that described
how the views were configured.
Mark
In message <51F9A4DC.6040205 at gmail.com>, IT Support writes:
>
> Dear Carl
>
> Thanks for your answer here the output:
>
> acl allowed-users {
> localhost;
> 200.57.66.77/28;
> 192.168.0.0/23;
> 189.0.0.0/8;
> 172.16.102.1;
> 172.28.76.0/24;
> };
>
> acl internal {
> localhost;
> 200.57.66.77/28;
> 192.168.0.0/23
> };
>
> acl slaves {
> 200.57.66.78;
> };
>
> // This is the primary configuration file for the BIND DNS server named.
> //
> // Please read /usr/share/doc/bind9/README.Debian.gz for information on the
> // structure of BIND configuration files in Debian, *BEFORE* you customize
> // this configuration file.
> //
> // If you are just adding zones, please do that in
> /etc/bind/named.conf.local
>
> include "/etc/bind/named.conf.options";
>
> // prime the server with knowledge of the root servers
> //zone "." {
> // type hint;
> // file "/etc/bind/db.root";
> //};
>
> // be authoritative for the localhost forward and reverse zones, and for
> // broadcast zones as per RFC 1912
>
> //zone "localhost" {
> // type master;
> // file "/etc/bind/db.local";
> //};
> //zone "127.in-addr.arpa" {
> // type master;
> // file "/etc/bind/db.127";
> //};
>
> //zone "0.in-addr.arpa" {
> // type master;
> // file "/etc/bind/db.0";
> //};
>
> //zone "255.in-addr.arpa" {
> // type master;
> // file "/etc/bind/db.255";
> //};
>
> //zone "168.192.IN-ADDR.ARPA" {
> // type master;
> // file "/etc/bind/db.192";
> //};
>
> //zone "10.IN-ADDR.ARPA" {
> // type master;
> // file "/etc/empty";
> //};
>
> //zone "16.172.IN-ADDR.ARPA" {
> // type master;
> // file "/etc/empty";
> //};
>
>
>
> // zone "com" { type delegation-only; };
> // zone "net" { type delegation-only; };
>
> // From the release notes:
> // Because many of our users are uncomfortable receiving undelegated
> answers
> // from root or top level domains, other than a few for whom that behaviour
> // has been trusted and expected for quite some length of time, we have now
> // introduced the "root-delegations-only" feature which applies
> delegation-only
> // logic to all top level domains, and to the root domain. An
> exception list
> // should be specified, including "MUSEUM" and "DE", and any other top
> level
> // domains from whom undelegated responses are expected and trusted.
> // root-delegation-only exclude { "DE"; "MUSEUM"; };
>
> include "/etc/bind/named.conf.local";
> logging {
> category lame-servers { null; };
> category edns-disabled { null; };
> };
> key dhcpupdate {
> algorithm hmac-md5;
> secret "ddjsdfruifhrfr88r8rr5544==";
> };
>
> Thanks in advance.
>
> On 31/07/2013 5:46 PM, Carl Byington wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On Wed, 2013-07-31 at 17:39 -0500, IT Support wrote:
> >> I have running bind9 on debian, with master zone for mydomain.com i
> >> created internal view for resolve names on my lan, and external zone
> >> for resolve my host on Internet,
> > standard answer - post your bind config.
> >
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v2.0.14 (GNU/Linux)
> >
> > iEYEARECAAYFAlH5k9MACgkQL6j7milTFsEtzgCeKCNBwf7sAtPQDXC+qU+vq6Go
> > 8esAn2aWS7UaRcqWx8CDgG95+jZA1jXC
> > =knAS
> > -----END PGP SIGNATURE-----
> >
> >
> > _______________________________________________
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscri
> be from this list
> >
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
>
>
> --------------050203070403020006060804
> Content-Type: text/html; charset=ISO-8859-1
> Content-Transfer-Encoding: 7bit
>
> <html>
> <head>
> <meta content="text/html; charset=ISO-8859-1"
> http-equiv="Content-Type">
> </head>
> <body bgcolor="#FFFFFF" text="#000000">
> <div class="moz-cite-prefix">Dear Carl<br>
> <br>
> Thanks for your answer here the output:<br>
> <br>
> acl allowed-users {<br>
> localhost;<br>
> <font face="Bodoni MT"><font
> face="Bodoni MT">200.57.66.77</font></font>/28;<br>
> 192.168.0.0/23;<br>
> 189.0.0.0/8;<br>
> 172.16.102.1;<br>
> 172.28.76.0/24;<br>
> };<br>
> <br>
> acl internal {<br>
> localhost;<br>
> <font face="Bodoni MT"><font face="Bodoni MT"> &
> nbsp;
> 200.57.66.77</font></font>/28;<br>
> 192.168.0.0/23<br>
> };<br>
> <br>
> acl slaves {<br>
> <font face="Bodoni MT"><font
> face="Bodoni MT">200.57.66.78</font></font>;<br>
> };<br>
> <br>
> // This is the primary configuration file for the BIND DNS server
> named.<br>
> //<br>
> // Please read /usr/share/doc/bind9/README.Debian.gz for
> information on the<br>
> // structure of BIND configuration files in Debian, *BEFORE* you
> customize<br>
> // this configuration file.<br>
> //<br>
> // If you are just adding zones, please do that in
> /etc/bind/named.conf.local<br>
> <br>
> include "/etc/bind/named.conf.options";<br>
> <br>
> // prime the server with knowledge of the root servers<br>
> //zone "." {<br>
> // type hint;<br>
> // file "/etc/bind/db.root";<br>
> //};<br>
> <br>
> // be authoritative for the localhost forward and reverse zones,
> and for<br>
> // broadcast zones as per RFC 1912<br>
> <br>
> //zone "localhost" {<br>
> // type master;<br>
> // file "/etc/bind/db.local";<br>
> //};<br>
> //zone "127.in-addr.arpa" {<br>
> // type master;<br>
> // file "/etc/bind/db.127";<br>
> //};<br>
> <br>
> //zone "0.in-addr.arpa" {<br>
> // type master;<br>
> // file "/etc/bind/db.0";<br>
> //};<br>
> <br>
> //zone "255.in-addr.arpa" {<br>
> // type master;<br>
> // file "/etc/bind/db.255";<br>
> //};<br>
> <br>
> //zone "168.192.IN-ADDR.ARPA" {<br>
> // type master;<br>
> // file "/etc/bind/db.192";<b
> r>
> //};<br>
> <br>
> //zone "10.IN-ADDR.ARPA" {<br>
> // type master;<br>
> // file "/etc/empty";<br>
> //};<br>
> <br>
> //zone "16.172.IN-ADDR.ARPA" {<br>
> // type master;<br>
> // file "/etc/empty";<br>
> //};<br>
> <br>
> <br>
> <br>
> // zone "com" { type delegation-only; };<br>
> // zone "net" { type delegation-only; };<br>
> <br>
> // From the release notes:<br>
> // Because many of our users are uncomfortable receiving
> undelegated answers<br>
> // from root or top level domains, other than a few for whom that
> behaviour<br>
> // has been trusted and expected for quite some length of time,
> we have now<br>
> // introduced the "root-delegations-only" feature which applies
> delegation-only<br>
> // logic to all top level domains, and to the root domain.
> An
> exception list<br>
> // should be specified, including "MUSEUM" and "DE", and any
> other top level<br>
> // domains from whom undelegated responses are expected and
> trusted.<br>
> // root-delegation-only exclude { "DE"; "MUSEUM"; };<br>
> <br>
> include "/etc/bind/named.conf.local";<br>
> logging {<br>
> category lame-servers { null
> ; };<br>
> category edns-disabled { nul
> l; };<br>
> };<br>
> key dhcpupdate {<br>
> algorithm hmac-md5;<br>
> secret "ddjsdfruifhrfr88r8rr
> 5544==";<br>
> };<br>
> <br>
> Thanks in advance.<br>
> <br>
> On 31/07/2013 5:46 PM, Carl Byington wrote:<br>
> </div>
> <blockquote cite="mid:1375310818.15833.11.camel at ns.five-ten-sg.com"
> type="cite">
> <pre wrap="">-----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Wed, 2013-07-31 at 17:39 -0500, IT Support wrote:
> </pre>
> <blockquote type="cite">
> <pre wrap="">I have running bind9 on debian, with master zone for myd
> omain.com i
> created internal view for resolve names on my lan, and external zone
> for resolve my host on Internet,
> </pre>
> </blockquote>
> <pre wrap="">
> standard answer - post your bind config.
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.14 (GNU/Linux)
>
> iEYEARECAAYFAlH5k9MACgkQL6j7milTFsEtzgCeKCNBwf7sAtPQDXC+qU+vq6Go
> 8esAn2aWS7UaRcqWx8CDgG95+jZA1jXC
> =knAS
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> Please visit <a class="moz-txt-link-freetext" href="https://lists.isc.org/mai
> lman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</
> a> to unsubscribe from this list
>
> bind-users mailing list
> <a class="moz-txt-link-abbreviated" href="mailto:bind-users at lists.isc.org">bi
> nd-users at lists.isc.org</a>
> <a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo
> /bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a>
> </pre>
> </blockquote>
> <br>
> </body>
> </html>
>
> --------------050203070403020006060804--
>
> --===============8258915988468820394==
> Content-Type: text/plain; charset="us-ascii"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> --===============8258915988468820394==--
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list