About query response on a view
Okan Bostan
bostanok at itu.edu.tr
Wed Dec 9 09:11:28 UTC 2015
Hello List,
We are planning to migrate to Bind dns, I'm a bit newbie.
In our design we have two views; int and ext.
As internal view, recursion is on and we have our internal zones & forwarders. I have no problem with internal view.
In external view, recursion in no. Also have some zones. In testing external view, I can query the records in zones, thats not a problem also.
But when I try to query, for example www.google.com<http://www.google.com> it returns the root servers records by dig.
;; QUESTION SECTION:
;ww. IN A
;; AUTHORITY SECTION:
. 518400 IN NS D.ROOT-SERVERS.NET.
. 518400 IN NS M.ROOT-SERVERS.NET.
. 518400 IN NS C.ROOT-SERVERS.NET.
. 518400 IN NS J.ROOT-SERVERS.NET.
. 518400 IN NS G.ROOT-SERVERS.NET.
. 518400 IN NS H.ROOT-SERVERS.NET.
. 518400 IN NS I.ROOT-SERVERS.NET.
. 518400 IN NS L.ROOT-SERVERS.NET.
. 518400 IN NS F.ROOT-SERVERS.NET.
. 518400 IN NS K.ROOT-SERVERS.NET.
. 518400 IN NS A.ROOT-SERVERS.NET.
. 518400 IN NS B.ROOT-SERVERS.NET.
. 518400 IN NS E.ROOT-SERVERS.NET.
And status: NOERROR
also in nslookup:
Name: www.google.com
Served by:
- E.ROOT-SERVERS.NET
- F.ROOT-SERVERS.NET
- J.ROOT-SERVERS.NET
- G.ROOT-SERVERS.NET
- D.ROOT-SERVERS.NET
- C.ROOT-SERVERS.NET
- A.ROOT-SERVERS.NET
But in our existing DNS enviroment, I get status: SERVFAIL to same query.
Is this a normal behaviour ? How can I disable this Authority section with root server NS records?
My external view:
view "EXTERNAL" {
match-clients {"any";};
allow-query-on {ext_ip; };
recursion no;
allow-recursion { none;};
#Include SLAVE zones
include "slave.zones";
#Include REVERSE zones
include "reverse.zones";
};// view EXTERNAL
Regards,
Okan.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20151209/ee8bfebb/attachment-0001.html>
More information about the bind-users
mailing list