<div dir="ltr">Hello.<div>What exact version of BIND are you running? "named -V" From dig it *looks* like you are running 9.18.9. </div><div>ECS support only exists in the subscription editions of BIND (-S suffix) and to get that you need to be an eligible ISC support customer.</div><div><br></div><div>Thanks, Greg</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 13 Dec 2022 at 10:48, 徐娅 <<a href="mailto:xuya2011@gmail.com">xuya2011@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><pre lang="plaintext" style="color:rgb(0,0,0)"><span id="m_-3323835284254872650gmail-LC1" lang="plaintext">25-Nov-2022 23:30:32.924 running on Linux x86_64 3.10.0-1127.el7.x86_64 #1 SMP Tue Mar 31 23:36:51 UTC 2020</span>
<span id="m_-3323835284254872650gmail-LC2" lang="plaintext">25-Nov-2022 23:30:32.924 built with  '--prefix=/usr/local/bind-9.18.9' '--enable-largefile' '--enable-epoll' '--enable-full-report' '--disable-doh' '--enable-dnsrps-dl' '--enable-dnsrps'</span>
<span id="m_-3323835284254872650gmail-LC3" lang="plaintext">25-Nov-2022 23:30:32.924 running as: named -c named.conf -fg</span>
<span id="m_-3323835284254872650gmail-LC4" lang="plaintext">25-Nov-2022 23:30:32.924 compiled by GCC 4.8.5 20150623 (Red Hat 4.8.5-39)</span>
<span id="m_-3323835284254872650gmail-LC5" lang="plaintext">25-Nov-2022 23:30:32.924 compiled with OpenSSL version: OpenSSL 1.0.2k-fips  26 Jan 2017</span>
<span id="m_-3323835284254872650gmail-LC6" lang="plaintext">25-Nov-2022 23:30:32.924 linked to OpenSSL version: OpenSSL 1.0.2k-fips  26 Jan 2017</span>
<span id="m_-3323835284254872650gmail-LC7" lang="plaintext">25-Nov-2022 23:30:32.924 compiled with zlib version: 1.2.7</span>
<span id="m_-3323835284254872650gmail-LC8" lang="plaintext">25-Nov-2022 23:30:32.924 linked to zlib version: 1.2.7</span>
<span id="m_-3323835284254872650gmail-LC9" lang="plaintext">25-Nov-2022 23:30:32.924 ----------------------------------------------------</span>
<span id="m_-3323835284254872650gmail-LC10" lang="plaintext">25-Nov-2022 23:30:32.924 BIND 9 is maintained by Internet Systems Consortium,</span>
<span id="m_-3323835284254872650gmail-LC11" lang="plaintext">25-Nov-2022 23:30:32.924 Inc. (ISC), a non-profit 501(c)(3) public-benefit</span>
<span id="m_-3323835284254872650gmail-LC12" lang="plaintext">25-Nov-2022 23:30:32.924 corporation.  Support and training for BIND 9 are</span>
<span id="m_-3323835284254872650gmail-LC13" lang="plaintext">25-Nov-2022 23:30:32.924 available at <a href="https://www.isc.org/support" target="_blank">https://www.isc.org/support</a></span>
</pre><pre lang="plaintext" style="color:rgb(0,0,0)"><span lang="plaintext"><br></span></pre><pre lang="plaintext" style="color:rgb(0,0,0)"><span lang="plaintext"><br></span></pre><pre lang="plaintext" style="color:rgb(0,0,0)"><span lang="plaintext"><pre lang="plaintext"><span id="m_-3323835284254872650gmail-LC1" lang="plaintext"># cat named.conf</span>
<span id="m_-3323835284254872650gmail-LC2" lang="plaintext">... ...</span>
<span id="m_-3323835284254872650gmail-LC3" lang="plaintext">... ...</span>
<span id="m_-3323835284254872650gmail-LC4" lang="plaintext">options {</span>
<span id="m_-3323835284254872650gmail-LC5" lang="plaintext">    listen-on    port 353 { any; };</span>
<span id="m_-3323835284254872650gmail-LC6" lang="plaintext">    listen-on-v6 port 353 { any; };</span>
<span id="m_-3323835284254872650gmail-LC7" lang="plaintext">    directory       "/root/edns/named";</span>
<span id="m_-3323835284254872650gmail-LC9" lang="plaintext">    allow-query     {</span><span id="m_-3323835284254872650gmail-LC10" lang="plaintext"> any;    </span><span id="m_-3323835284254872650gmail-LC11" lang="plaintext">};</span>
<span id="m_-3323835284254872650gmail-LC12" lang="plaintext">    allow-recursion {</span><span id="m_-3323835284254872650gmail-LC13" lang="plaintext">        any;   </span><span id="m_-3323835284254872650gmail-LC14" lang="plaintext"> };</span>
<span id="m_-3323835284254872650gmail-LC15" lang="plaintext"></span>
<span id="m_-3323835284254872650gmail-LC16" lang="plaintext">    empty-zones-enable no;</span>
<span id="m_-3323835284254872650gmail-LC17" lang="plaintext"></span>
<span id="m_-3323835284254872650gmail-LC18" lang="plaintext">    pid-file "/root/edns/named/run/named.pid";</span>
<span id="m_-3323835284254872650gmail-LC19" lang="plaintext"></span>
<span id="m_-3323835284254872650gmail-LC20" lang="plaintext">};</span>
<span id="m_-3323835284254872650gmail-LC21" lang="plaintext"></span>
<span id="m_-3323835284254872650gmail-LC22" lang="plaintext">view "aaa" {</span>
<span id="m_-3323835284254872650gmail-LC23" lang="plaintext">    match-clients {    </span><span id="m_-3323835284254872650gmail-LC24" lang="plaintext"><a href="http://10.105.0.0/16" target="_blank">10.105.0.0/16</a>;   </span><span id="m_-3323835284254872650gmail-LC25" lang="plaintext">};</span>
<span id="m_-3323835284254872650gmail-LC26" lang="plaintext">    zone "<a href="http://abc.com" target="_blank">abc.com</a>" {</span>
<span id="m_-3323835284254872650gmail-LC27" lang="plaintext">        type master;</span>
<span id="m_-3323835284254872650gmail-LC28" lang="plaintext">        file "aaa/<a href="http://abc.com" target="_blank">abc.com</a>";</span>
<span id="m_-3323835284254872650gmail-LC29" lang="plaintext">    };</span>
<span id="m_-3323835284254872650gmail-LC30" lang="plaintext">};</span>
<span id="m_-3323835284254872650gmail-LC31" lang="plaintext"></span>
<span id="m_-3323835284254872650gmail-LC32" lang="plaintext">view "bbb" {</span>
<span id="m_-3323835284254872650gmail-LC33" lang="plaintext">    match-clients { </span><span id="m_-3323835284254872650gmail-LC34" lang="plaintext"><a href="http://10.106.0.0/26" target="_blank">10.106.0.0/26</a>;  </span><span id="m_-3323835284254872650gmail-LC35" lang="plaintext"> };</span>
<span id="m_-3323835284254872650gmail-LC36" lang="plaintext">    zone "<a href="http://abc.com" target="_blank">abc.com</a>" {</span>
<span id="m_-3323835284254872650gmail-LC37" lang="plaintext">        type master;</span>
<span id="m_-3323835284254872650gmail-LC38" lang="plaintext">        file "bbb/<a href="http://abc.com" target="_blank">abc.com</a>";</span>
<span id="m_-3323835284254872650gmail-LC39" lang="plaintext">    };</span>
<span id="m_-3323835284254872650gmail-LC40" lang="plaintext">};</span>
<span id="m_-3323835284254872650gmail-LC41" lang="plaintext"></span>
<span id="m_-3323835284254872650gmail-LC42" lang="plaintext">view "idc-default" {</span>
<span id="m_-3323835284254872650gmail-LC43" lang="plaintext">    match-clients {  </span><span id="m_-3323835284254872650gmail-LC44" lang="plaintext">any;  </span><span id="m_-3323835284254872650gmail-LC45" lang="plaintext">};</span>
<span id="m_-3323835284254872650gmail-LC46" lang="plaintext">    zone "<a href="http://abc.com" target="_blank">abc.com</a>" {</span>
<span id="m_-3323835284254872650gmail-LC47" lang="plaintext">        type master;</span>
<span id="m_-3323835284254872650gmail-LC48" lang="plaintext">        file "any/<a href="http://abc.com" target="_blank">abc.com</a>";</span>
<span id="m_-3323835284254872650gmail-LC49" lang="plaintext">    };</span>
<span id="m_-3323835284254872650gmail-LC50" lang="plaintext">};</span>
<span id="m_-3323835284254872650gmail-LC51" lang="plaintext"></span>
<span id="m_-3323835284254872650gmail-LC52" lang="plaintext"># cat named/aaa/<a href="http://abc.com" target="_blank">abc.com</a></span>
<span id="m_-3323835284254872650gmail-LC53" lang="plaintext">... ...</span>
<span id="m_-3323835284254872650gmail-LC54" lang="plaintext">www 600 IN TXT aaa</span>
<span id="m_-3323835284254872650gmail-LC55" lang="plaintext"></span>
<span id="m_-3323835284254872650gmail-LC56" lang="plaintext"># cat named/bbb/<a href="http://abc.com" target="_blank">abc.com</a></span>
<span id="m_-3323835284254872650gmail-LC57" lang="plaintext">www 600 IN TXT bbb</span>
<span id="m_-3323835284254872650gmail-LC58" lang="plaintext"></span>
<span id="m_-3323835284254872650gmail-LC59" lang="plaintext"># cat named/ccc/<a href="http://abc.com" target="_blank">abc.com</a></span>
<span id="m_-3323835284254872650gmail-LC60" lang="plaintext">www 600 IN TXT ccc</span>
</pre><pre lang="plaintext"><span lang="plaintext"><br></span></pre><pre lang="plaintext"><span lang="plaintext"><pre lang="plaintext"><span id="m_-3323835284254872650gmail-LC1" lang="plaintext"># dig @<a href="http://127.0.0.1" target="_blank">127.0.0.1</a> -p 353 <a href="http://txt.abc.com" target="_blank">txt.abc.com</a> txt +subnet=10.105.2.2</span>
<span id="m_-3323835284254872650gmail-LC2" lang="plaintext"></span>
<span id="m_-3323835284254872650gmail-LC3" lang="plaintext">; <<>> DiG 9.18.9 <<>> @<a href="http://127.0.0.1" target="_blank">127.0.0.1</a> -p 353 <a href="http://txt.abc.com" target="_blank">txt.abc.com</a> txt +subnet=10.105.2.2</span>
<span id="m_-3323835284254872650gmail-LC4" lang="plaintext">; (1 server found)</span>
<span id="m_-3323835284254872650gmail-LC5" lang="plaintext">;; global options: +cmd</span>
<span id="m_-3323835284254872650gmail-LC6" lang="plaintext">;; Got answer:</span>
<span id="m_-3323835284254872650gmail-LC7" lang="plaintext">;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7948</span>
<span id="m_-3323835284254872650gmail-LC8" lang="plaintext">;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1</span>
<span id="m_-3323835284254872650gmail-LC9" lang="plaintext"></span>
<span id="m_-3323835284254872650gmail-LC10" lang="plaintext">;; OPT PSEUDOSECTION:</span>
<span id="m_-3323835284254872650gmail-LC11" lang="plaintext">; EDNS: version: 0, flags:; udp: 1232</span>
<span id="m_-3323835284254872650gmail-LC12" lang="plaintext">; COOKIE: 075abe1b7a9c177a010000006380ded9dc3ca0fc1bae43d4 (good)</span>
<span id="m_-3323835284254872650gmail-LC13" lang="plaintext">; CLIENT-SUBNET: <a href="http://10.105.2.2/32/0" target="_blank">10.105.2.2/32/0</a></span>
<span id="m_-3323835284254872650gmail-LC14" lang="plaintext">;; QUESTION SECTION:</span>
<span id="m_-3323835284254872650gmail-LC15" lang="plaintext">;<a href="http://txt.abc.com" target="_blank">txt.abc.com</a>.                   IN      TXT</span>
<span id="m_-3323835284254872650gmail-LC16" lang="plaintext"></span>
<span id="m_-3323835284254872650gmail-LC17" lang="plaintext">;; ANSWER SECTION:</span>
<span id="m_-3323835284254872650gmail-LC18" lang="plaintext"><a href="http://txt.abc.com" target="_blank">txt.abc.com</a>.            600     IN      TXT     "any"</span>
<span id="m_-3323835284254872650gmail-LC19" lang="plaintext"></span>
<span id="m_-3323835284254872650gmail-LC20" lang="plaintext">;; Query time: 1 msec</span>
<span id="m_-3323835284254872650gmail-LC21" lang="plaintext">;; SERVER: 127.0.0.1#353(127.0.0.1) (UDP)</span>
<span id="m_-3323835284254872650gmail-LC22" lang="plaintext">;; WHEN: Fri Nov 25 23:27:21 CST 2022</span>
<span id="m_-3323835284254872650gmail-LC23" lang="plaintext">;; MSG SIZE  rcvd: 99</span>
<span id="m_-3323835284254872650gmail-LC24" lang="plaintext"></span>
</pre><p dir="auto" style="white-space:normal">I expect +subnet=10.105.2.2, return<span> </span><strong>aaa</strong>, but returned any</p><div style="white-space:normal"><pre lang="plaintext" id="m_-3323835284254872650gmail-code-7"><code><span id="m_-3323835284254872650gmail-LC1" lang="plaintext"># dig @<a href="http://127.0.0.1" target="_blank">127.0.0.1</a> -p 353 <a href="http://txt.abc.com" target="_blank">txt.abc.com</a> txt +subnet=10.105.2.2</span>
<span id="m_-3323835284254872650gmail-LC2" lang="plaintext">any</span></code></pre></div><p dir="auto" style="white-space:normal">I expect +subnet=10.106.3.3, return<span> </span><strong>bbb</strong>, but returned any</p><div style="white-space:normal"><pre lang="plaintext" id="m_-3323835284254872650gmail-code-8"><code><span id="m_-3323835284254872650gmail-LC1" lang="plaintext"># dig @<a href="http://127.0.0.1" target="_blank">127.0.0.1</a> -p 353 <a href="http://txt.abc.com" target="_blank">txt.abc.com</a> txt +subnet=10.106.3.3</span>
<span id="m_-3323835284254872650gmail-LC2" lang="plaintext">any</span></code></pre><pre lang="plaintext" id="m_-3323835284254872650gmail-code-8"><code><span lang="plaintext"><br></span></code></pre></div><p dir="auto" style="white-space:normal">How do I change named.conf?</p><h3 dir="auto" style="white-space:normal"><a id="m_-3323835284254872650gmail-user-content-links-references" aria-hidden="true"></a></h3></span></pre></span></pre></div>
-- <br>
Visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</blockquote></div>