BIND9.3 zonename Problem

Mark Andrews Mark_Andrews at isc.org
Sun Oct 31 22:56:51 UTC 2004


> On ns0.example.com BIND9.3 says:
> ---
> "named[53719]: client x.x.x.x#58160: query (cache) '
> 227.xxx.xxx.xxx.in-addr.arpa/PTR/IN' denied"
> ---

	Since everyone seems to be missing the real error.

	This has nothing to do with the allow-query in the zone.
	227.0.80.62.IN-ADDR.ARPA is NOT in the zone.

	Host makes a query for 227.0.80.62.IN-ADDR.ARPA not for
	227.224-239.0.80.62.IN-ADDR.ARPA.  This would normally
	work as it would be asking its own recursive servers.
	By specifying the server to query you asked it to become
	the recursive server which of course failed as your server
	was not set up to do this.

	The allow-query acl in options doesn't allow this client to
	query the cache.

	You can fix this one of two ways:
	*  Open up the allow-query in options to allow this client to
	   access the cache.  
	*  Become a slave for the parent zone and allow this client to
	   access the parent zone.  This also provides fault tolerance
	   for your local clients when the external network is down as
	   it allows the mappings (CNAMES) from the well known names to
	   the names in your zone to be found without having to make an
	   external query.

	zone "0.80.62.in-addr.arpa" {
		type slave;
		file "slave/0.80.62.in-addr.arpa";
		masters { 212.82.225.7;  212.82.226.212; };
		allow-query { any; };
	};

	zone "224-239.0.80.62.in-addr.arpa" {
		type master;
		file "master/224-239.0.80.62.in-addr.arpa";
		allow-query { any; };
		allow-transfer { "slave-aard"; };
	};

	Mark

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
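
The zone selection described in the message above, as an added example that is not part of the original post or of BIND: a simplified Python model of why the PTR query lands on the cache ACL unless the parent zone is also served. The function names, the client address and the local ACL are assumptions made for illustration.

```python
# Simplified model (an assumption, not BIND source code) of how a name server
# picks the enclosing zone for a query and which allow-query ACL then applies.
import ipaddress

def closest_zone(qname, zones):
    """Return the longest configured zone name that encloses qname, or None."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def allowed(client, acl):
    """True if the client address falls inside any network in the ACL."""
    ip = ipaddress.ip_address(client)
    return any(ip in ipaddress.ip_network(net) for net in acl)

def decide(qname, client, zones, options_allow_query):
    """Return (data source, verdict) for one query."""
    zone = closest_zone(qname, zones)
    if zone is None:
        # No authoritative zone encloses the name, so the answer could only
        # come from the cache and the allow-query ACL in options decides.
        acl, source = options_allow_query, "cache"
    else:
        acl, source = zones[zone], zone
    return (source, "answered" if allowed(client, acl) else "denied")

ANY = ["0.0.0.0/0"]
LOCAL_ONLY = ["192.0.2.0/24"]       # constructed options { allow-query } ACL
CLIENT = "198.51.100.7"             # constructed outside client
QNAME = "227.0.80.62.in-addr.arpa"  # what host actually asks for

# Only the RFC 2317 style child zone is served, as in the original setup.
CHILD_ONLY = {"224-239.0.80.62.in-addr.arpa": ANY}
# Second fix from the message: also slave the parent zone, open to any client.
WITH_PARENT = dict(CHILD_ONLY, **{"0.80.62.in-addr.arpa": ANY})

if __name__ == "__main__":
    print(decide(QNAME, CLIENT, CHILD_ONLY, LOCAL_ONLY))
    print(decide(QNAME, CLIENT, WITH_PARENT, LOCAL_ONLY))
```

With the parent zone slaved, the server can return the CNAME for the queried name from authoritative data, and the target name sits in the child zone it already serves.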


