reverse zone without recursion
Kevin Darcy
kcd at daimlerchrysler.com
Tue Oct 8 20:55:12 UTC 2002
Serge Andrey wrote:
> Hi all,
>
> I have bind-9.2.2rc1 and I try to configure an external view
> without recursion. It works fine for a zone like 'mydomain.com'
> but doesn't work (Query refused) for the reverse zone
> like '21.134.in-addr.arpa'.
>
> If I set 'recursion yes;' on the external view the reverse zone
> works ... but I won't turn the recursion on!
>
> Any idea how to have a _reverse_ zone in a view without recursion on?
>
>
> view "internal" {
>     match-clients { "internal"; };
>     recursion yes;
>
>     zone "mydomain.com" {
>         type master;
>         file "mydomain.com";
>     };
>
>     zone "21.134.in-addr.arpa" {
>         type master;
>         file "db.134.21";
>     };
>
>     zone "." {
>         type hint;
>         file "db.cache";
>     };
> };
>
> view "external" {
>     match-clients { any; };
>     recursion no;
>
>     zone "mydomain.com" {
>         type master;
>         file "db.mydomain";
>     };
>
>     zone "21.134.in-addr.arpa" {
>         type master;
>         file "db.134.21";
>     };
>
>     zone "." {
>         type hint;
>         file "db.cache";
>     };
> };

Well, how are you testing this? Be aware that an ordinary stub resolver
doesn't deal well with referrals or "naked" CNAMEs, which is what it will
get back from a non-recursive server if asked about something which is
delegated or aliased outside of its control. Furthermore, if you're using
a tool like "nslookup", which implements a "search" algorithm by default,
it might be trying other names besides the one you specifically asked
for, and then misreporting a REFUSED response it gets for one of those
other names as the overall result of the query.
"dig" tends to be far more useful for troubleshooting problems of this
type.
- Kevin
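
The kind of check the reply recommends, as an added example that is not part of the original post: it sends exactly one absolute name with recursion not requested (no search list involved) and labels the reply as an answer, a referral or REFUSED. The address 134.21.1.5, the function names and the sample reply headers are constructed for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def reverse_name(ipv4):
    """134.21.1.5 -> 5.1.21.134.in-addr.arpa. (trailing dot: absolute name)."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."

def build_query(name, qtype=12, recurse=False, qid=0x1234):
    """Wire-format query for exactly one name. qtype 12 = PTR; RD is bit 0x0100."""
    flags = 0x0100 if recurse else 0
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def classify(response):
    """Name what the server did, using only the 12-byte DNS header."""
    _, flags, _, ancount, nscount, _ = struct.unpack("!HHHHHH", response[:12])
    rcode = flags & 0x000F
    if rcode != 0:
        return RCODES.get(rcode, "RCODE%d" % rcode)
    if ancount:
        return "ANSWER (authoritative)" if flags & 0x0400 else "ANSWER (cached)"
    if nscount and not flags & 0x0400:
        return "REFERRAL"  # NS records in authority, AA clear
    return "NODATA"

def ask(server, name, qtype=12, timeout=3.0):
    """Send one non-recursive UDP query to `server` and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), (server, 53))
        return classify(s.recv(4096))

def sample_header(flags, an=0, ns=0):
    # Constructed reply header for the offline demo (not captured traffic).
    return struct.pack("!HHHHHH", 0x1234, flags, 1, an, ns, 0)

SAMPLES = {
    "refused": sample_header(0x8005),         # QR set, rcode 5
    "referral": sample_header(0x8000, ns=2),  # QR set, AA clear, NS in authority
    "answer": sample_header(0x8400, an=1),    # QR + AA, one answer record
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(label, "->", classify(pkt))
```

Against a live server, `ask("<server address>", reverse_name("134.21.1.5"))` reports the outcome for that single name only, so a REFUSED cannot come from some other name a search list added.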