view
pch0317
pch0317 at gmail.com
Fri Oct 4 15:26:13 UTC 2013
Thanks
On 10/03/2013 11:39 PM, Steven Carr wrote:
> So the reason it's failing is because you don't have a view configured
> for the zones contained in /etc/bind/named.conf.default-zones.
> If you implement views then all zones must be added to a view.
>
> Edit the /etc/bind/named.conf.default-zones file and insert in the
> view statements e.g.
> view "internal" {
> at the top of the file and an extra closing bracket at the bottom
> };
>
> Steve
>
>
>
>
> On 3 October 2013 22:06, Paweł Ch.<pch0317 at gmail.com> wrote:
>> When I copy named.conf.default-zones inside "dmz" view in named.conf.local
>> then named started but is problem with requested other zone than
>> authoritative for this server:
>> Served by:
>> - M.ROOT-SERVERS.NET
>> - A.ROOT-SERVERS.NET
>> .
>> .
>> it is ok?
>>
>> My conf files are:
>>
>> # cat named.conf
>> // This is the primary configuration file for the BIND DNS server named.
>> //
>> // Please read /usr/share/doc/bind9/README.Debian.gz for information on the
>> // structure of BIND configuration files in Debian, *BEFORE* you customize
>> // this configuration file.
>> //
>> // If you are just adding zones, please do that in /etc/bind/named.conf.local
>>
>> include "/etc/bind/named.conf.options";
>> include "/etc/bind/named.conf.local";
>> include "/etc/bind/named.conf.default-zones";
>>
>> ------------------------------------------------------------------------------
>> # cat named.conf.options
>> acl dmz { 10.0.0.0/24; };
>>
>> options {
>> allow-query { any; };
>> allow-query-cache { any; };
>> directory "/var/cache/bind";
>> notify no;
>> recursion no;
>>
>> // If there is a firewall between you and nameservers you want
>> // to talk to, you may need to fix the firewall to allow multiple
>> // ports to talk. See http://www.kb.cert.org/vuls/id/800113
>>
>> // If your ISP provided one or more IP addresses for stable
>> // nameservers, you probably want to use them as forwarders.
>> // Uncomment the following block, and insert the addresses replacing
>> // the all-0's placeholder.
>>
>> // forwarders {
>> // 0.0.0.0;
>> // };
>>
>> auth-nxdomain no; # conform to RFC1035
>> listen-on-v6 { any; };
>>
>> rrset-order {
>> class IN type A name "aaaaaaaaaaaaa" order fixed;
>> class IN type A name "aaaaaaaaaaaaa" order fixed;
>> class IN type A name "aaaaaaaaaaaaa" order fixed;
>> class IN type A name "aaaaaaaaaaaaa" order fixed;
>> };
>> };
>>
>> logging {
>> channel update_debug {
>> file "/var/log/update_debug.log" versions 3 size 100k;
>> severity debug;
>> print-severity yes;
>> print-time yes;
>> };
>> channel security_info {
>> file "/var/log/security_info.log" versions 1 size 100k;
>> severity info;
>> print-severity yes;
>> print-time yes;
>> };
>> channel bind_log {
>> file "/var/log/bind.log" versions 3 size 1m;
>> severity info;
>> print-category yes;
>> print-severity yes;
>> print-time yes;
>> };
>>
>> category default { bind_log; };
>> category lame-servers { null; };
>> category update { update_debug; };
>> category update-security { update_debug; };
>> category security { security_info; };
>> };
>>
>> ------------------------------------------------------------------------------
>> # cat named.conf.local
>> //
>> // Do any local configuration here
>> //
>>
>> // Consider adding the 1918 zones here, if they are not used in your
>> // organization
>> //include "/etc/bind/zones.rfc1918";
>>
>> view "dmz" {
>>
>> zone "aaaaaaaaaaaaa"
>> {
>> type master;
>> file "/etc/bind/db.aaaaaaaaaaaaa";
>> allow-query { any; };
>> allow-transfer { a.a.a.a; a.a.a.a; };
>> };
>>
>> .
>> .
>> output omitted
>> .
>> .
>>
>> zone "aaaaaaaaaaaaa"
>> {
>> type master;
>> file "/etc/bind/db.aaaaaaaaaaaaa";
>> allow-query { any; };
>> allow-transfer { a.a.a.a; a.a.a.a; };
>> };
>> };
>>
>> ------------------------------------------------------------------------------
>> # cat named.conf.default-zones
>> // prime the server with knowledge of the root servers
>> zone "." {
>> type hint;
>> file "/etc/bind/db.root";
>> };
>>
>> // be authoritative for the localhost forward and reverse zones, and for
>> // broadcast zones as per RFC 1912
>>
>> zone "localhost" {
>> type master;
>> file "/etc/bind/db.local";
>> };
>>
>> zone "127.in-addr.arpa" {
>> type master;
>> file "/etc/bind/db.127";
>> };
>>
>> zone "0.in-addr.arpa" {
>> type master;
>> file "/etc/bind/db.0";
>> };
>>
>> zone "255.in-addr.arpa" {
>> type master;
>> file "/etc/bind/db.255";
>> };
>>
>>
>>
>> On 3 October 2013 19:55, Steven Carr<sjcarr at gmail.com> wrote:
>>> Please post your full named.conf config file (you can obfuscate any
>>> sensitive information).
>>>
>>> Steve
>>>
>>>
>>> On 3 October 2013 18:53, Paweł Ch.<pch0317 at gmail.com> wrote:
>>>> Hi list
>>>>
>>>> I have a problem with views in bind9 on Debian 6. I configured the server like
>>>> here https://wiki.debian.org/Bind9 and it works. When I add the entry: view
>>>> "dmz" { match-clients { 10.0.0.0/24; }; }; bind9 can't start.
>>>>
>>>> What I can do to solve problem?
>>>>
>>>> Thanks
>>>>
>>>> _______________________________________________
>>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>>>> unsubscribe from this list
>>>>
>>>> bind-users mailing list
>>>> bind-users at lists.isc.org
>>>> https://lists.isc.org/mailman/listinfo/bind-users
>>
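As an added example (not part of the thread and not BIND's own code), a small pre-deployment check for the rule Steven describes: once any view exists, every zone must sit inside a view. The file contents and the zone name example.test are constructed, and the tokenizer is a simplification that assumes comment markers never appear inside quoted strings.

```python
import re

# Constructed sample mirroring the thread's layout: file names come from the
# thread, contents are shortened, "example.test" is a placeholder zone name.
FILES = {
    "/etc/bind/named.conf": '''
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
''',
    "/etc/bind/named.conf.local": '''
view "dmz" {
    match-clients { 10.0.0.0/24; };
    zone "example.test" { type master; file "/etc/bind/db.example.test"; };
};
''',
    "/etc/bind/named.conf.default-zones": '''
// prime the server with knowledge of the root servers
zone "." { type hint; file "/etc/bind/db.root"; };
zone "localhost" { type master; file "/etc/bind/db.local"; };
''',
}

COMMENT = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

def expand(path, files):
    """Strip comments, then inline include statements recursively."""
    text = COMMENT.sub("", files[path])
    return re.sub(r'include\s+"([^"]+)"\s*;',
                  lambda m: expand(m.group(1), files), text)

def zones_outside_views(path, files):
    """Return (views, stray); stray lists zones declared outside any view."""
    depth, views, top_zones = 0, [], []
    tokens = TOKEN.findall(expand(path, files))
    for i, tok in enumerate(tokens):
        if tok == "{":
            depth += 1
        elif tok == "}":
            depth -= 1
        elif depth == 0 and tok in ("view", "zone") and i + 1 < len(tokens):
            name = tokens[i + 1].strip('"')
            (views if tok == "view" else top_zones).append(name)
    # Top-level zones only conflict once at least one view is defined.
    return views, (top_zones if views else [])
```

On the constructed input, the zones from named.conf.default-zones are reported as stray; wrapping that file's contents in a view, as suggested in the reply, clears the list.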