Plethora of logged messages started up
Robert Gahl
bgahl at bawcsa.org
Thu Dec 20 01:45:20 UTC 2001
Regretfully, answering my own query, but I'm doing it so that at least it
is recorded for someone else...
The way my rules were set up, zones I had defined where allowed to be
queried and zones I had not defined (usually assumed to be something I'm
not responsible for) were rejected.
Why all the log denials? Because a reverse delegation got turned on while I
was on vacation and I was rejecting the lookups for that data.
Adding a reverse zone in the primary and secondary solved the denials. Of
course, in the meantime, I got a crash course in configuring rndc so I
could turn querylog on in 9.2.0 :)
===
Pertaining to reverse zones, I have the following question about the entry
in the named.conf for same. I am delegated only partial class C addresses.
I have always struggled with how to define those, and I've never found a
really good example. Say I have 64 addresses, starting at 63.146.119.64
which is, I believe, written as: 63.146.119.64/26.
At any rate, is the zone definition for the reverse written as follows?
> zone "26/64.119.146.63.in-addr.arpa" {
> type master;
> file "primary/zone.63.146.119.64";
> allow-query {
> any;
> };
> allow-transfer {
> localhost;
> fireclick-xfer;
> };
> };
or do I make the zone definition simply:
zone "119.146.63.in-addr.arpa" {
...
};
and be done with it?
===
Bob Gahl Bicycle (Ryan Vanguard) Mobile || @
ARPA/Internet: bgahl at bawcsa.org || !_ \
URL: http://www.bawcsa.org/bgahl/ || (*)-~--+--(*)
"Sahn joong moe low ful how jee yah ching wong" - "When the
mountain has no tigers, the monkey will also declare himself
king." Chinese Proverb
More information about the bind-users
mailing list