my secondary ns won't answer external queries
David Botham
DBotham at OptimusSolutions.com
Wed Oct 13 20:03:39 UTC 2004
bind-users-bounce at isc.org wrote on 10/13/2004 03:11:53 PM:
[clip..]
> One can connect to port 53 with telnet, so it
> isn't a firewall issue, (I think), perhaps
> it is something else.
Allow both TCP and UDP over port 53 for proper operation of DNS.
>
[clip internal view...]
>
> view "external" {
> ~ match-clients { !internal_clients; any; };
The "!internal_clients" acl is redundant. Views are "order" sensitive.
That is to say, the internal view is matched first and therefore
"internal_clients" would never be considered in this view. You can safely
remove this acl entry.
> ~ recursion no;
Depending on what type of queries you expect to be honored in the external
view the above line could be your problem. The above line will limit
legal queries in the external zone to data for which the external view is
authoritative. If you are "external" and query for say "www.ibm.com" you
will have a problem.
Also, is there anything in your log files?
Dave...
[clip...]
More information about the bind-users
mailing list