class=any in query is refused while class=in is answered correctly
Cricket Liu
cricket at menandmice.com
Fri Jan 4 18:26:16 UTC 2002
> We've found the following behaviour of named 8.2.2-P5 and we're wondering
> if this is correct. The configuration is as follows:
>
> - The nameserver is configured to only allow queries for the domains it is
> master or slave for;
> - We have configured a domain 'xo.nl' that has two MX RRs.
>
> options {
>     allow-query { none; };
> };
>
> zone "xo.nl" {
>     type master;
>     file "hosts.xo.nl";
>     allow-query { any; };
> };
>
> Now, a normal query for the MX of xo.nl works just fine (see below), but
> when we set the class of the query to ANY, the query is refused. In our
> opinion that is an error, or can somebody explain why not?
>
> $ nslookup
> Default Server: ns1.xo.nl
> Address: 62.100.32.132
>
> > set class=IN
> > set type=MX
> > xo.nl.
>
> Server: ns1.xo.nl
> Address: 62.100.32.132
>
> xo.nl preference = 50, mail exchanger = jupiter.nl.xo.com
> ...
> <snip>
>
> > set class=ANY
> > set type=MX
> > xo.nl.
>
> Server: ns1.xo.nl
> Address: 62.100.32.132
>
> *** ns1.xo.nl can't find xo.nl.: Query refused
>
> We discovered this by chance, because a certain nameserver on the
> internet is sending these class=any type queries (while the vast majority
> doesn't) and gets refused.
>
> Can anybody shed some light upon this?

I thought you might find this entry from the BIND 8.3.0
CHANGES file interesting:

1258.   [func]          treat class ANY as class IN for access control for
                        non-xfr queries.

cricket
Men & Mice
DNS Software & Services
www.menandmice.com
Attend our next DNS and BIND class! See
http://www.menandmice.com/8000/8000_dns_training.html
for the schedule and to register for upcoming classes
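
Added example, not part of the original thread and not BIND code: a small checker that builds the two queries from the nslookup session above (type MX, class IN versus class ANY) in wire format and decodes the RCODE of the reply, so an operator can see how their own server treats class ANY. The helper names and the constructed sample replies are assumptions made for illustration; send() is only for a server you operate.

```python
import struct

QTYPE_MX = 15
CLASS_IN, CLASS_ANY = 1, 255          # QCLASS values from RFC 1035
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype, qclass, qid=0x1234, rd=True):
    """Return the wire form of a single-question DNS query."""
    flags = 0x0100 if rd else 0       # RD bit, as nslookup sets by default
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, qclass)

def parse_reply(query, reply):
    """Check that reply answers query and return its RCODE name."""
    if len(reply) < 12:
        raise ValueError("short reply")
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        raise ValueError("not a response to this query")
    return RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F))

def send(query, server, timeout=3.0):
    """Send the query over UDP and return the raw reply (not used by the sample run)."""
    import socket
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        return s.recvfrom(4096)[0]

def constructed_reply(query, rcode):
    """Constructed sample: echo the query with QR set and the given RCODE."""
    qid, flags = struct.unpack("!HH", query[:4])
    return struct.pack("!HH", qid, flags | 0x8000 | rcode) + query[4:]

if __name__ == "__main__":
    for cls in (CLASS_IN, CLASS_ANY):
        q = build_query("xo.nl.", QTYPE_MX, cls)
        # Constructed replies modelling the behaviour reported in the thread.
        r = constructed_reply(q, 0 if cls == CLASS_IN else 5)
        print("class", cls, "->", parse_reply(q, r))
```

To test a live server, replace constructed_reply(...) with send(q, "<address of your server>") and compare the two results.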