EDE 18/20 recursion failures after devel release upgrade 9.21.14 -> 9.21.15. bug, or config change req'd?
Evan Hunt
each at isc.org
Thu Nov 20 19:53:32 UTC 2025
> 'acl' block is not allowed not in options{}, only in 'topmost' block
Sorry, I should have been clearer - I meant allow-query, allow-recursion,
allow-query-cache, etc. Those are all access control lists too.
What I suspect is, in named.conf, you had something like this:
options {
[...]
allow-recursion { none; };
};
view internal {
[...]
allow-recursion { <addresses>; };
};
The inheritance logic is broken, causing allow-query-cache to be set
to "none" in the internal view; it was copied from the value of
allow-recursion at the "options" instead of the "view" level, as it
should've been. That breaks recursion, because both kinds of access
are needed.
I still haven't seen your "options" settings (unless it was in an earlier
email that I missed), so I was asking about them just to make absolutely
sure that's what the problem was.
We did find the inheritance bug because of your report (and, by the way,
thank you very much for testing the development verison!). It's being
tracked as https://gitlab.isc.org/isc-projects/bind9/-/issues/5647
in our bug database, and a fix will be merged today.
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-users
mailing list