split-view DNS not working for my internal zone...
Kevin Darcy
kcd at chrysler.com
Thu Sep 18 19:54:05 UTC 2008
Evert wrote:
> Hi all,
>
> Wrestling a bit with split-view...
>
> In my named.conf:
> -------------------------------------------------
> view "internal" {
>     match-clients { 192.168.24.10/24; };
>     recursion yes;
>     notify no;
>
>     zone "." {
>         type hint;
>         file "named.ca";
>     };
>
>     zone "domain.com" {
>         type master;
>         file "local/domain.com.hosts";
>     };
> };
> -------------------------------------------------
>
>
>
> In local/domain.com.hosts:
> -------------------------------------------------
> $TTL 3600
>
> www1 IN A 1.2.3.4
> -------------------------------------------------
>
>
> However, when I try a:
> nslookup www1.domain.com.
>
> I get:
> -------------------------------------------------
> Server: 127.0.0.1
> Address: 127.0.0.1#53
>
> ** server can't find www1.domain.com: SERVFAIL
> -------------------------------------------------
>
>
>
> The queries.log shows it does go to the correct view:
> -------------------------------------------------
> 18-Sep-2008 20:21:18.802 client 127.0.0.1#40414: view internal: query:
> www1.domain.com IN A +
> 18-Sep-2008 20:21:18.803 client 127.0.0.1#53315: view internal: query:
> www1.domain.com IN A +
> -------------------------------------------------
>
>
> What am I doing wrong here?
>
>

192.168.24.10/24 is an illegal specification (masking on the first 3
octets, but with bits in the fourth octet?). Did you perhaps mean
192.168.24.0/24?

127.0.0.1 is neither 192.168.24.10 nor in the 192.168.24.0/24 range
(depending on what you meant, see above).

You might want to include the built-in ACL "localhost" in the
match-clients. That ACL includes the addresses of all your local
interfaces. "localnets" may be even more convenient, but, depending on
your network configuration and the rest of your config, match more than
you intend.

- Kevin
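
The two checks from the reply above (host bits set below the prefix length, and whether a client address falls inside the list), as an added example that is not part of the original thread. `NAMED_CONF` is a constructed sample, `match_clients` and `audit` are hypothetical helpers, and `local_addrs` is an assumed stand-in for the built-in "localhost" ACL.

```python
import ipaddress
import re

# Constructed sample: the "internal" view's ACL as posted in the question.
NAMED_CONF = '''
view "internal" {
    match-clients { 192.168.24.10/24; };
    recursion yes;
};
'''

def match_clients(conf, view):
    """Return the match-clients elements of one view (flat lists only)."""
    pat = r'view\s+"%s"\s*\{.*?match-clients\s*\{([^}]*)\}' % re.escape(view)
    m = re.search(pat, conf, re.S)
    return [e.strip() for e in m.group(1).split(";") if e.strip()] if m else []

def audit(elements, client, local_addrs=("127.0.0.1", "::1")):
    """Flag malformed prefixes and report whether `client` matches the list.

    local_addrs is an assumption standing in for the built-in "localhost"
    ACL, which covers the addresses of the server's local interfaces.
    """
    ip = ipaddress.ip_address(client)
    findings, matched = [], False
    for el in elements:
        if el == "localhost":
            matched |= any(ip == ipaddress.ip_address(a) for a in local_addrs)
            continue
        try:
            iface = ipaddress.ip_interface(el)
        except ValueError:
            findings.append("%s: named ACL, key or negation; not evaluated" % el)
            continue
        net = iface.network
        if iface.ip != net.network_address:
            # Host bits set below the prefix length, e.g. 192.168.24.10/24.
            # The reply calls this illegal, so it is reported, not matched.
            findings.append("%s has host bits set; did you mean %s?" % (el, net))
            continue
        matched |= ip.version == net.version and ip in net
    return findings, matched

if __name__ == "__main__":
    posted = match_clients(NAMED_CONF, "internal")
    print(audit(posted, "127.0.0.1"))
    print(audit(["192.168.24.0/24", "localhost"], "127.0.0.1"))
```
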