Query status refused afer upgrading from 9.7.2-P2 to 9.7.2-P3
David S.
david at pnyet.web.id
Thu Dec 2 06:15:07 UTC 2010
Hi Mark,
Yes, bind work fine without allow-query statement in view.
Here is my named.conf and view:
options {
allow-query { "trusted"; };
};
view "mynetwork" in {
match-clients {"trusted"; };
recursion yes;
allow-transfer { "xfer"; };
additional-from-auth yes;
additional-from-cache yes;
view "internet" in {
match-clients { any; };
recursion no;
allow-transfer { "xfer"; };
additional-from-auth no;
additional-from-cache no;
Do you mean "allow-query" statement necessary need on view?
--
Best regards,
David
http://blog.pnyet.web.id
On 12/02/2010 12:04 PM, Mark Andrews wrote:
> In message <4CF723EF.4050101 at pnyet.web.id>, "David S." writes:
>
>> Dear All,
>>
>> My BIND is running on CentOS 5.5 64bit, I'm getting problem after
>> upgrading from 9.7.2-P2 to 9.7.2-P3, see below to detail may upgrade
>> process:
>> 1. download bind
>> 2. tar -zxvf bind.xxx
>> 3. sudo ./configure --perfix=/usr/loca/named
>> 4. sudo make
>> 5. sudo make install
>>
>> Restart the bind service, and I found query denied from internet to my
>> public domain. My Bind is configured using split dns and before upgrade
>> bind service is very well.
>>
>> Anyone help me?
>>
> Perhaps a allow-query statement is now working which wasn't before?
>
> Mark
>
> 2969. [security] Fix acl type processing so that allow-query works
> in options and view statements. Also add a new
> set of tests to verify proper functioning.
>
> CVSS: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
> CVE-2010-3615, VU#510208. [RT #22418]
>
> Mark
>
More information about the bind-users
mailing list