<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">Thanks Bob, while your suggestions
didn't help directly they did put me on a path that eventually
lead to the solution. Turns out I had an ill defined SOA record
along with a ill defined NS record (copy/paste error) that was the
problem in my localhost zone. I think I am once again a happy
camper.</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix"> Marc..</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">On 3/30/20 11:42 AM, Bob Harold wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CA+nkc8Dsor4LP-o_m7BcS+7BSntsOPOvxUfKYKD=_0_dXqvjAA@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">Try without the "match-destinations". Only use
match-clients to determine the view. (Or try
only match-destinations as a separate test.)
<div>(I have never used match-destinations.)<br>
<div>Turn on query logging and see what source and destination
your queries are using. Make fake queries to unique names
just to be sure which queries you are looking at.</div>
<div>That's the best that I can suggest.<br>
<div>
<div dir="ltr" class="gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div><br>
-- <br>
Bob Harold</div>
</div>
</div>
</div>
</div>
</div>
<br>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Mon, Mar 30, 2020 at 1:07
PM Marc Chamberlin via bind-users <<a
href="mailto:bind-users@lists.isc.org"
moz-do-not-send="true">bind-users@lists.isc.org</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Hello - I am running the Bind server <br>
</p>
<p>> named -v<br>
BIND 9.11.2 <id:0a2b929><br>
</p>
<p>under OpenSuSE Leap 15.0. In order to support other
servers running on the same system that my Bind server is
running on I am trying to set up 3 views, one for the
localhost, one for my internal network to use, and one for
the external Internet. (yes this is also a gateway system
with 2 NIC cards.) What I am having troubles with is
getting the localhost view to work properly. I have tried
a number of ways to get this to work and will show the
apropos segment of my named.conf file below. Commented
out sections show things I have tried already but rejected
because the results I get from queries, from other servers
on this gateway/localhost system, that are not what I
want. For example if I use the definition in with
localhost is defined, rather than 127.0.0.1, I will get
results that are defined by my internal view which is not
acceptable. If I use 127.0.0.1 instead, lookup query
results from/for the other servers running on my
gateway/localhost fail completely with no results
returned. I don't understand why 127.0.0.1 fails, it
seems like this should be the proper way to limit the
scope of localhost queries so that they are answered by
definitions defined in my "localhost_resolver" view. What
am I missing? How to I set up the "localhost_resolver"
view so that it will answer queries from localhost without
falling through to my "internal" view? (The keys are
also necessary to restrict certain types of queries but I
tried not using them and got the same inadequate responses
to queries from the localhost.) <br>
</p>
<p>I have also used dig to show exactly what view was
answering queries from localhost and it verified that the
queries were indeed being answered by my internal view
when I used localhost in the match-clients and
match-destinations statements. If necessary I can post
other files, such as the local_zones.conf or some of the
domain definition files themselves but will have to edit
them to remove actual URLs and other sensitive
information. I checked the log files also, after setting
the debug level to 10, and the Bind server reports no
errors or warnings when it is started up. Thanks for any
help offered, and below is what I think is the relevant
part of my named.conf file.</p>
<p> Marc....<br>
</p>
<p> </p>
<blockquote type="cite">view "localhost_resolver"<br>
{<br>
// match-clients { ! key letsencrypt.; !
key rndc-key.; ! key letsencrypt_amcrest.; localhost; };<br>
// match-destinations { ! key letsencrypt.; !
key rndc-key.; ! key letsencrypt_amcrest.; localhost; };<br>
<br>
match-clients { ! key letsencrypt.; !
key rndc-key.; ! key letsencrypt_amcrest.; 127.0.0.1; };<br>
match-destinations { ! key letsencrypt.; !
key rndc-key.; ! key letsencrypt_amcrest.; 127.0.0.1; };<br>
<br>
// match-clients { 127.0.0.1; };<br>
// match-destinations { 127.0.0.1; };<br>
<br>
recursion yes;<br>
zone "." in {<br>
type hint;<br>
file "root.hint";<br>
};<br>
zone "localhost" in {<br>
type master;<br>
file "localhost.zone";<br>
allow-update { none; };<br>
};<br>
zone "0.0.127.in-addr.arpa" in {<br>
type master;<br>
file "127.0.0.zone";<br>
allow-update { none; };<br>
};<br>
zone
"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"
in {<br>
type master;<br>
file "127.0.0.zone";<br>
};<br>
include "/etc/named.d/local/local_zones.conf";<br>
};<br>
<br>
view "internal" { // What the home network will see<br>
// match-clients { ! key letsencrypt.; ! key
rndc-key.; ! key letsencrypt_amcrest.; localnets;
localhost; };<br>
// match-destinations { ! key letsencrypt.; ! key
rndc-key.; ! key letsencrypt_amcrest.; localnets;
localhost; };<br>
<br>
// match-clients { ! key letsencrypt.; ! key
rndc-key.; ! key letsencrypt_amcrest.; <a
href="http://192.168.10.0/24" target="_blank"
moz-do-not-send="true">192.168.10.0/24</a>; 127.0.0.1;
};<br>
// match-destinations { ! key letsencrypt.; ! key
rndc-key.; ! key letsencrypt_amcrest.; <a
href="http://192.168.10.0/24" target="_blank"
moz-do-not-send="true">192.168.10.0/24</a>; 127.0.0.1;
};<br>
<br>
match-clients { ! key letsencrypt.; ! key
rndc-key.; ! key letsencrypt_amcrest.; <a
href="http://192.168.10.0/24" target="_blank"
moz-do-not-send="true">192.168.10.0/24</a>; };<br>
match-destinations { ! key letsencrypt.; ! key
rndc-key.; ! key letsencrypt_amcrest.; <a
href="http://192.168.10.0/24" target="_blank"
moz-do-not-send="true">192.168.10.0/24</a>; };<br>
<br>
// match-clients { <a
href="http://192.168.10.0/24" target="_blank"
moz-do-not-send="true">192.168.10.0/24</a>; };<br>
// match-destinations { <a
href="http://192.168.10.0/24" target="_blank"
moz-do-not-send="true">192.168.10.0/24</a>; };<br>
<br>
recursion yes;<br>
zone "." in {<br>
type hint;<br>
file "root.hint";<br>
};<br>
include "/etc/named.d/internal/internal_zones.conf";<br>
};<br>
</blockquote>
<blockquote type="cite">view "external" { // What the
Internet will see<br>
match-clients { any; };<br>
match-destinations { any; };<br>
recursion no;<br>
include "/etc/named.d/external/external_zones.conf"; <br>
};<br>
</blockquote>
<br>
<p><br>
</p>
<div>-- <br>
<pre> --... ...-- .----. ... -.. . .-- .- --... .--. -..- .-- -- .- .-. -.-. </pre>
<br>
<b>Computers: the final frontier. These are the voyages of
the user Marc.<br>
His mission: to explore strange new hardware. To seek
out new software and new applications.<br>
To boldly go where no Marc has gone before!<br>
</b></div>
</div>
_______________________________________________<br>
Please visit <a
href="https://lists.isc.org/mailman/listinfo/bind-users"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.isc.org/mailman/listinfo/bind-users</a>
to unsubscribe from this list<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank"
moz-do-not-send="true">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</blockquote>
</div>
</blockquote>
<p><br>
</p>
<div class="moz-signature">-- <br>
<pre> --... ...-- .----. ... -.. . .-- .- --... .--. -..- .-- -- .- .-. -.-. </pre>
<br>
<b>Computers: the final frontier. These are the voyages of the
user Marc.<br>
His mission: to explore strange new hardware. To seek out new
software and new applications.<br>
To boldly go where no Marc has gone before!<br>
</b></div>
</body>
</html>