Query Refused problem

Matus UHLAR - fantomas uhlar at fantomas.sk
Thu Oct 1 15:43:05 UTC 2009


On 30.09.09 15:59, Sven Eschenberg wrote:
> When I had no allow-query statement at all in my config, everything
> worked fine (including recursion) for all clients, that were in subnets
> directly attached to the server. The external view (authoritative, non
> recursive) did work for every client as it was supposed to.
> Now a client on a not directly attached subnet, with its own view,
> could not resolve anything, except local zones on the server. (Though
> recursion was turned on for the view).
> External view's clients could not recurse, though recursion was turned
> on, obviously to really recurse I'd need an allow-query statement.
>
> Adding an allow-query statement to the general config, limited to the
> campus network made all local views work, but with the result, that no
> client matching the external view could look up the authoritative zones.
>
> Now, I am wondering if I did set up everything right after all, here's
> what I did do:
>
> External view, no recursion, allow-query {any;}
> Not directly attached client with internal view: match on client's ip,  
> allow recursion, allow query for the client's ip.
> all other internal views, matched by locally attached networks, no
> allow-query statement, allow recursion.
>
> This seems to work.
>
> I am wondering: Would it be harmful to allow queries by any host
> (globally) as long as external clients (in their view) are not allowed  
> any recursion? Would that be more feasible?

allow-query { any; }; is the default. Do you have any other allows?

The first error message indicated that you didn't allow query-cache or recursion
for some clients. Apparently you cloned a view but forgot to allow either
one in the new view...

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Holmes, what kind of school did you study to be a detective?
- Elementary, Watson.  -- Daffy Duck & Porky Pig
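
Added example, not part of the original thread: a named.conf sketch of the three-view layout discussed above, with the access lists stated per view so that no view depends on inherited defaults. It assumes BIND 9.4 or later, where an unset allow-recursion or allow-query-cache falls back to the other, then to allow-query, then to { localnets; localhost; }; the addresses (RFC 5737 documentation ranges), ACL names, zone name and file paths are constructed placeholders.

```conf
// Constructed example: addresses, ACL names, zone and file names are placeholders.
acl "attached"      { localnets; localhost; };   // subnets directly on the server
acl "remote-campus" { 198.51.100.0/24; };        // campus subnet reached via a router

options {
    directory "/var/named";
    // Deliberately no global allow-query. A global
    //     allow-query { attached; remote-campus; };
    // is inherited by every view that sets none of its own, so the
    // external view would answer outside clients with REFUSED.
};

// Views are matched top to bottom; the first match-clients hit wins.
view "internal-attached" {
    match-clients { attached; };
    recursion yes;
    // Nothing else set: allow-recursion and allow-query-cache fall back to
    // { localnets; localhost; }, which happens to cover these clients.
    zone "example.org" { type master; file "internal/example.org.db"; };
};

view "internal-remote" {
    match-clients { remote-campus; };
    recursion yes;
    // Not in localnets, so the fallback above would refuse everything
    // except this view's own zones. State all three lists explicitly.
    allow-query       { remote-campus; };
    allow-recursion   { remote-campus; };
    allow-query-cache { remote-campus; };
    zone "example.org" { type master; file "internal/example.org.db"; };
};

view "external" {
    match-clients { any; };
    recursion no;                    // authoritative only
    allow-query       { any; };      // anyone may ask for the zones served here
    allow-query-cache { none; };     // no cached answers for outside clients
    zone "example.org" { type master; file "external/example.org.db"; };
};
```

Running `named-checkconf` on the file confirms the syntax before reloading; a REFUSED answer for a client in a given view then points at that view's own allow-* lists rather than at an inherited default.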


