Issues with setting recursive no in a view
Kevin Van Der Hart
kvanderhart at vermeermfg.com
Thu Sep 29 19:23:05 UTC 2005
Our external DNS server (Bind 9.3.1) seems to be having problems. I have 2
views, 1 for local machines in the DMZ where the DNS server is located and
one for external users. If I set recursion to no in the external view
(preferred for security reasons) the domains I am authoritative for will
intermittently not respond with the proper information and it will instead
return the list of root name servers. This does not always happen on the
same domains. If I set recursion to yes, all domains always respond properly
and none return as non-authoritative. My named.conf file is included below.
We have several more domains than what is listed but I shortened it to keep
the message shorter.
Thanks in advance for any advice.
-----
Kevin Van Der Hart
Systems Engineer
Vermeer Mfg Co
options {
directory "/usr/local/etc/namedb";
dump-file "named_dump.db";
statistics-file "named.stats";
version "YES";
forwarders { XXX.XXX.XXX.XXX; XXX.XXX.XXX.XXX; XXX.XXX.XXX.XXX;
XXX.XXX.XXX.XXX; };
allow-transfer { XXX.XXX.XXX.XXX; XXX.XXX.XXX.XXX; XXX.XXX.XXX.XXX;
XXX.XXX.XXX.XXX; XXX.XXX.XXX.XXX; };
pid-file "/usr/local/etc/namedb/named.pid";
};
view "dmz" {
match-clients { XXX.XXX.XXX/24; };
recursion yes;
zone "." {
type hint;
file "root.cache";
};
zone "0.1.127.in-addr.arpa" {
type master;
file "0.1.127.db";
};
zone "vermeermfg.com" {
type master;
file "vermeermfg.com.db.dmz";
};
zone "vermeerdlr.com" {
type master;
file "vermeerdlr.com.db.dmz";
};
zone "106.168.192.in-addr.arpa" {
type master;
file "106.168.192.db.dmz";
};
};
view "external" {
match-clients { any; };
recursion yes;
zone "vermeermfg.com" in {
type master;
file "vermeermfg.com.db";
};
zone "227.184.199.in-addr.arpa" in {
type master;
file "227.184.199.db";
};
zone "vermeermfg.net" in {
type master;
file "vermeermfg.net.db";
};
zone "vermeerdlr.com" in {
type master;
file "vermeerdlr.com.db";
};
zone "vermeer-international.com" in {
type master;
file "vermeer-international.com.db";
};
zone "vermeer.com" in {
type master;
file "vermeer.com.db";
};
zone "vermeerag.com" in {
type master;
file "vermeerag.com.db";
};
};
-----
Kevin Van Der Hart
Systems Engineer
Vermeer Mfg Co
More information about the bind-users
mailing list