odd behaviour on caching ns with views

Torsten toto at the-damian.de
Tue Jun 8 09:03:55 UTC 2010


Hi,

I've observed an odd behaviour in one of our customer's caching
nameservers (running an ISC 9.6.1-P3 installation on a RHEL5.4 box).

The server uses views for different parts of the customer environment:

options { 
	directory "/named/custenv/"; 

	query-source address 10.10.3.22 port *; 
	listen-on port 53 { 10.10.3.22; }; 

	pid-file "log/named.pid"; 
	allow-query { any; }; 
	minimal-responses yes;
	version "you should know"; 
	statistics-file "log/stats"; 
	max-cache-size 1000M; 
}; 

acl "transfer" { 10.230.0.123; }; 

view "transfer" { 

	match-clients { "transfer"; }; 
	
	include "/named/default/private_netblocks.conf";

	zone "com" { 
		type delegation-only; 
	}; 

	zone "net" { 
		type delegation-only; 
	}; 

	zone "3.10.10.in-addr.arpa" { 
		type forward; 
		forwarders { 194.163.252.5; 195.180.210.23; }; 
	}; 

	zone "230.10.in-addr.arpa" { 
		type forward; 
		forwarders { 194.163.252.5; 195.180.210.23; }; 
	}; 

	zone "content" { 
		type forward; 
		forwarders { 10.230.43.200; 10.230.43.201; }; 
	}; 
	
	zone "isilon-nfs" {
		type forward;
		forwarders { 10.230.0.250; };
	};
}; 

view "prod" { 

	match-clients { any; }; 

	include "/named/default/private_netblocks.conf";

	zone "com" {
		type delegation-only;
	};

	zone "net" {
		type delegation-only;
	};

	zone "3.10.10.in-addr.arpa" {
		type forward;
		forwarders { 194.163.252.5; 195.180.210.23; };
	};

	zone "230.10.in-addr.arpa" {
		type forward;
		forwarders { 194.163.252.5; 195.180.210.23; };
	};

	zone "isilon-nfs" {
		type forward;
		forwarders { 10.230.0.250; };
	};
};




Everything works perfectly okay except queries for
1.0.0.127.in-addr.arpa and 0.0.0.0.in-addr.arpa. These are refused by
the caching server (denied entries in default log).
Asking those queries on an identical server without views returns the
usual NXDOMAIN answer.

Is there something special about 0.in-addr.arpa and 127.in-addr.arpa in
views I haven't seen yet?


Ciao
Torsten
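
Added example, not part of the original post: a Python model of the view and zone statements visible in the configuration above, showing which view a client lands in (named picks the first view whose match-clients matches) and which declared zone, if any, encloses a query name. The function names and the sample client 10.10.3.50 are assumptions made here; the contents of private_netblocks.conf are not shown in the post and are not modelled.

```python
import ipaddress

# Constructed from the named.conf in the post. The included
# private_netblocks.conf is not shown there, so it is left out.
ACLS = {"transfer": ["10.230.0.123/32"], "any": ["0.0.0.0/0", "::/0"]}
VIEWS = [  # order matters: the first view whose match-clients matches wins
    ("transfer", "transfer", ["com", "net", "3.10.10.in-addr.arpa",
                              "230.10.in-addr.arpa", "content", "isilon-nfs"]),
    ("prod", "any", ["com", "net", "3.10.10.in-addr.arpa",
                     "230.10.in-addr.arpa", "isilon-nfs"]),
]

def select_view(client_ip):
    """Return (view name, zones) for the first view matching the client."""
    addr = ipaddress.ip_address(client_ip)
    for name, acl, zones in VIEWS:
        if any(addr in ipaddress.ip_network(net) for net in ACLS[acl]):
            return name, zones
    return None, []

def closest_zone(qname, zones):
    """Return the longest declared zone that encloses qname, or None."""
    labels = qname.lower().rstrip(".").split(".")
    best = None
    for zone in zones:
        zl = zone.lower().rstrip(".").split(".")
        longer = best is None or len(zl) > len(best.split("."))
        if labels[-len(zl):] == zl and longer:
            best = zone
    return best

def triage(client_ip, qname):
    """Which view handles this client, and which visible zone covers qname."""
    view, zones = select_view(client_ip)
    return view, closest_zone(qname, zones)

if __name__ == "__main__":
    # 10.10.3.50 is a constructed client address, not one from the post.
    for client in ("10.230.0.123", "10.10.3.50"):
        for qname in ("1.0.0.127.in-addr.arpa", "0.0.0.0.in-addr.arpa",
                      "22.3.10.10.in-addr.arpa"):
            print(client, qname, triage(client, qname))
```

Both refused names come back with no enclosing zone in either view, so the visible zone statements are not what answers them; the included file and named's defaults are what remain to inspect.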


