<div dir="ltr"><div><div><div><div>When I copy named.conf.default-zones inside "dmz" view in named.conf.local then named started but is problem with requested other zone than authoritative for this server:<br></div>
Served by:<br></div>- <a href="http://M.ROOT-SERVERS.NET">M.ROOT-SERVERS.NET</a><br></div>- <a href="http://A.ROOT-SERVERS.NET">A.ROOT-SERVERS.NET</a><br>.<br>.<br></div><div>it is ok?<br></div><div><br></div>My conf file are:<br>
<div><div><div><div> <br># cat named.conf<br>// This is the primary configuration file for the BIND DNS server named.<br>//<br>// Please read /usr/share/doc/bind9/README.Debian.gz for information on the<br>// structure of BIND configuration files in Debian, *BEFORE* you customize<br>
// this configuration file.<br>//<br>// If you are just adding zones, please do that in /etc/bind/named.conf.local<br><br>include "/etc/bind/named.conf.options";<br>include "/etc/bind/named.conf.local";<br>
include "/etc/bind/named.conf.default-zones";<br><br>------------------------------------------------------------------------------<br># cat named.conf.options<br>acl dmz { <a href="http://10.0.0.0/24">10.0.0.0/24</a>; };<br>
<br>options {<br> allow-query { any; };<br> allow-query-cache { any; };<br> directory "/var/cache/bind";<br> notify no;<br> recursion no;<br><br> // If there is a firewall between you and nameservers you want<br>
// to talk to, you may need to fix the firewall to allow multiple<br> // ports to talk. See <a href="http://www.kb.cert.org/vuls/id/800113">http://www.kb.cert.org/vuls/id/800113</a><br><br> // If your ISP provided one or more IP addresses for stable<br>
// nameservers, you probably want to use them as forwarders.<br> // Uncomment the following block, and insert the addresses replacing<br> // the all-0's placeholder.<br><br> // forwarders {<br>
// 0.0.0.0;<br> // };<br><br> auth-nxdomain no; # conform to RFC1035<br> listen-on-v6 { any; };<br><br> rrset-order {<br> class IN type A name "aaaaaaaaaaaaa" order fixed;<br>
class IN type A name "aaaaaaaaaaaaa" order fixed;<br> class IN type A name "aaaaaaaaaaaaa" order fixed;<br> class IN type A name "aaaaaaaaaaaaa" order fixed;<br>
};<br>};<br><br>logging {<br> channel update_debug {<br> file "/var/log/update_debug.log" versions 3 size 100k;<br> severity debug;<br> print-severity yes;<br>
print-time yes;<br> };<br> channel security_info {<br> file "/var/log/security_info.log" versions 1 size 100k;<br> severity info;<br> print-severity yes;<br>
print-time yes;<br> };<br> channel bind_log {<br> file "/var/log/bind.log" versions 3 size 1m;<br> severity info;<br> print-category yes;<br>
print-severity yes;<br> print-time yes;<br> };<br><br> category default { bind_log; };<br> category lame-servers { null; };<br> category update { update_debug; };<br>
category update-security { update_debug; };<br> category security { security_info; };<br>};<br><br>------------------------------------------------------------------------------<br># cat named.conf.local<br>
//<br>// Do any local configuration here<br>//<br><br>// Consider adding the 1918 zones here, if they are not used in your<br>// organization<br>//include "/etc/bind/zones.rfc1918";<br><br>view "dmz" {<br>
<br>zone "aaaaaaaaaaaaa"<br>{<br> type master;<br> file "/etc/bind/db.aaaaaaaaaaaaa";<br> allow-query { any; };<br> allow-transfer { a.a.a.a; a.a.a.a; };<br>};<br><br>.<br>.<br>output ommited<br>.<br>
.<br><br>zone "aaaaaaaaaaaaa"<br>{<br> type master;<br> file "/etc/bind/db.aaaaaaaaaaaaa";<br> allow-query { any; };<br> allow-transfer { a.a.a.a; a.a.a.a; };<br>};<br>};<br><br>------------------------------------------------------------------------------<br>
# cat named.conf.default-zones<br>// prime the server with knowledge of the root servers<br>zone "." {<br> type hint;<br> file "/etc/bind/db.root";<br>};<br><br>// be authoritative for the localhost forward and reverse zones, and for<br>
// broadcast zones as per RFC 1912<br><br>zone "localhost" {<br> type master;<br> file "/etc/bind/db.local";<br>};<br><br>zone "127.in-addr.arpa" {<br> type master;<br> file "/etc/bind/db.127";<br>
};<br><br>zone "0.in-addr.arpa" {<br> type master;<br> file "/etc/bind/db.0";<br>};<br><br>zone "255.in-addr.arpa" {<br> type master;<br> file "/etc/bind/db.255";<br>
};<br><br></div></div></div></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On 3 October 2013 19:55, Steven Carr <span dir="ltr"><<a href="mailto:sjcarr@gmail.com" target="_blank">sjcarr@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Please post your full named.conf config file (you can obfuscate any<br>
sensitive information).<br>
<br>
Steve<br>
<div><div class="h5"><br>
<br>
On 3 October 2013 18:53, Paweł Ch. <<a href="mailto:pch0317@gmail.com">pch0317@gmail.com</a>> wrote:<br>
> Hi list<br>
><br>
> I have problem with views in bind9 on debian 6. I configured server like<br>
> here <a href="https://wiki.debian.org/Bind9" target="_blank">https://wiki.debian.org/Bind9</a> and it works. When i add entry: view<br>
> "dmz" { match-clients { <a href="http://10.0.0.0/24" target="_blank">10.0.0.0/24</a>; }; }; bind9 can't start.<br>
><br>
> What I can do to solve problem?<br>
><br>
> Thanks<br>
><br>
</div></div>> _______________________________________________<br>
> Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to<br>
> unsubscribe from this list<br>
><br>
> bind-users mailing list<br>
> <a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
> <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
_______________________________________________<br>
Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a></blockquote></div><br></div>