BIND9.3 zonename Problem
Mark Andrews
Mark_Andrews at isc.org
Sun Oct 31 22:56:51 UTC 2004
> On ns0.example.com BIND9.3 says:
> ---
> "named[53719]: client x.x.x.x#58160: query (cache) '
> 227.xxx.xxx.xxx.in-addr.arpa/PTR/IN' denied"
> ---

Since everyone seems to be missing the real error.

This has nothing to do with the allow-query in the zone.

227.0.80.62.IN-ADDR.ARPA is NOT in the zone.

Host makes a query for 227.0.80.62.IN-ADDR.ARPA not for
227.224-239.0.80.62.IN-ADDR.ARPA. This would normally
work as it would be asking its own recursive servers.
By specifying the server to query you asked it to become
the recursive server which of course failed as your server
was not set up to do this.

The allow-query acl in options doesn't allow this client to
query the cache.

You can fix this one of two ways:

* Open up the allow-query in options to allow this client to
  access the cache.
* Become a slave for the parent zone and allow this client to
  access the parent zone. This also provides fault tolerance
  for your local clients when the external network is down as
  it allows the mappings (CNAMES) from the well known names to
  the names in your zone to be found without having to make an
  external query.

	// Parent zone, held as a slave so the CNAMEs are answered locally.
	zone "0.80.62.in-addr.arpa" {
		type slave;
		file "slave/0.80.62.in-addr.arpa";
		masters { 212.82.225.7; 212.82.226.212; };
		allow-query { any; };
	};

	// Delegated child zone that holds the PTR records.
	zone "224-239.0.80.62.in-addr.arpa" {
		type master;
		file "master/224-239.0.80.62.in-addr.arpa";
		allow-query { any; };
		allow-transfer { "slave-aard"; };
	};

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
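
The zone selection described in the message above, as an added example that is not part of the original post or of BIND's code. It assumes the address 62.80.0.227 (derived from the query name in the message) and models only which allow-query applies, using hypothetical helper names; it does not evaluate the ACL itself.

```python
import ipaddress

# Zones from the named.conf fragments in the message above.
BEFORE = ["224-239.0.80.62.in-addr.arpa"]                          # child zone only
AFTER = ["0.80.62.in-addr.arpa", "224-239.0.80.62.in-addr.arpa"]   # parent slaved too


def labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def ptr_qname(ip):
    """Name a reverse lookup asks for when given an IPv4 address."""
    return ipaddress.ip_address(ip).reverse_pointer


def closest_zone(qname, zones):
    """Longest-suffix match on whole labels; None means no local zone."""
    q = labels(qname)
    best = None
    for zone in zones:
        z = labels(zone)
        if len(z) <= len(q) and q[len(q) - len(z):] == z:
            if best is None or len(z) > len(labels(best)):
                best = zone
    return best


def acl_in_effect(ip, zones):
    """Say which allow-query decides the answer for a PTR lookup of ip."""
    zone = closest_zone(ptr_qname(ip), zones)
    if zone is None:
        # No configured zone encloses the name, so the server would have
        # to recurse: this is the "query (cache) ... denied" case.
        return "options allow-query (cache)"
    return 'zone "%s" allow-query' % zone


if __name__ == "__main__":
    ip = "62.80.0.227"  # assumed address, derived from the name in the message
    print(ptr_qname(ip))
    print("before:", acl_in_effect(ip, BEFORE))
    print("after: ", acl_in_effect(ip, AFTER))
```
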