Diagnostic help

Bill Christensen billc_lists at greenbuilder.com
Tue Sep 30 00:02:42 UTC 2014

Hi folks,

Something got sideways on one of my DNS servers, and I would appreciate 
some help in figuring out what's going on.

I'm running BIND 9.10.1.  This server is authoritative master for a 
number of domains.

First off, I may have the allow-query set incorrectly.  Currently I have:

acl query-permit {
     (range of IP address on the local LAN which are allowed to use this 
server as their query server)

acl recursive-permit {
     (range of IP address on the local LAN which are allowed to use this 
server for recursive queries)

acl transfer-permit {
     (IP addresses of a couple other name servers allowed to do 
transfers with this one)

and at the beginning of the options  section:

         allow-recursion { recursive-permit; };
          allow-transfer { transfer-permit; };
//     allow-query { query-permit; };

Allow-query is commented out, which I assume will allow anyone to query 
this server for the domains for which it has master or slave records, 
but does not allow the general public to do recursive queries or queries 
on domains not hosted here.

Let me know if I've got that right, or how to correct it if I don't.

If this part is correct I'll continue the questioning.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20140929/d7ad99da/attachment.html>

More information about the bind-users mailing list