BIND8: "unapproved query" with "allow-query { any }"
Kevin Darcy
kcd at daimlerchrysler.com
Tue Feb 15 19:45:33 UTC 2000
Tilman Schmidt wrote:
> BIND 8.2.2-P5 occasionally gives me syslog messages like:
>
> Feb 14 15:16:28 igate named[348]: unapproved query from
> [194.221.183.1].53 for "wiesbaden.sema.de"
>
> The named.conf file, however, contains:
>
> zone "sema.de" {
> type master;
> file "sema.de";
> allow-query { any; };
> allow-transfer { master-xferers; };
> };
>
> where "master-xferers" is an ACL comprising our secondary NSes and
> a couple of machines specifically allowed to fetch our zones.
> How can this happen?
There appears to be a bug in the ACL-matching code which causes named to
spuriously reject class=ANY queries. Fortunately, such queries are
relatively rare.
- Kevin
More information about the bind-users
mailing list