view
Paweł Ch.
pch0317 at gmail.com
Thu Oct 3 21:06:44 UTC 2013
When I copy named.conf.default-zones inside "dmz" view in named.conf.local
then named started but is problem with requested other zone than
authoritative for this server:
Served by:
- M.ROOT-SERVERS.NET
- A.ROOT-SERVERS.NET
.
.
it is ok?
My conf file are:
# cat named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in
/etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
------------------------------------------------------------------------------
# cat named.conf.options
acl dmz { 10.0.0.0/24; };
options {
allow-query { any; };
allow-query-cache { any; };
directory "/var/cache/bind";
notify no;
recursion no;
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
rrset-order {
class IN type A name "aaaaaaaaaaaaa" order fixed;
class IN type A name "aaaaaaaaaaaaa" order fixed;
class IN type A name "aaaaaaaaaaaaa" order fixed;
class IN type A name "aaaaaaaaaaaaa" order fixed;
};
};
logging {
channel update_debug {
file "/var/log/update_debug.log" versions 3 size 100k;
severity debug;
print-severity yes;
print-time yes;
};
channel security_info {
file "/var/log/security_info.log" versions 1 size 100k;
severity info;
print-severity yes;
print-time yes;
};
channel bind_log {
file "/var/log/bind.log" versions 3 size 1m;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category default { bind_log; };
category lame-servers { null; };
category update { update_debug; };
category update-security { update_debug; };
category security { security_info; };
};
------------------------------------------------------------------------------
# cat named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
view "dmz" {
zone "aaaaaaaaaaaaa"
{
type master;
file "/etc/bind/db.aaaaaaaaaaaaa";
allow-query { any; };
allow-transfer { a.a.a.a; a.a.a.a; };
};
.
.
output ommited
.
.
zone "aaaaaaaaaaaaa"
{
type master;
file "/etc/bind/db.aaaaaaaaaaaaa";
allow-query { any; };
allow-transfer { a.a.a.a; a.a.a.a; };
};
};
------------------------------------------------------------------------------
# cat named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
On 3 October 2013 19:55, Steven Carr <sjcarr at gmail.com> wrote:
> Please post your full named.conf config file (you can obfuscate any
> sensitive information).
>
> Steve
>
>
> On 3 October 2013 18:53, Paweł Ch. <pch0317 at gmail.com> wrote:
> > Hi list
> >
> > I have problem with views in bind9 on debian 6. I configured server like
> > here https://wiki.debian.org/Bind9 and it works. When i add entry: view
> > "dmz" { match-clients { 10.0.0.0/24; }; }; bind9 can't start.
> >
> > What I can do to solve problem?
> >
> > Thanks
> >
> > _______________________________________________
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> > unsubscribe from this list
> >
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20131003/0fb14c39/attachment.html>
More information about the bind-users
mailing list