Queries sometimes denied
Kevin Darcy
kcd at daimlerchrysler.com
Thu May 2 19:08:43 UTC 2002
You probably have a global "allow-query" ACL, right?
In older versions of BIND 8, queries that have a class of ANY are
matched against the global ACL instead of the zone-specific ACL (the
reasoning being, apparently, that the zone definition is class-specific,
and thus doesn't match a class=ANY query).
I think they fixed this in a later version of BIND 8.
- Kevin
Jim Hatfield wrote:
> I am running bind 8.2.4 and serving up insignia.com
> among other domains. The config file includes:
>
> zone "insignia.com" {
> type master;
> file "insignia.ca";
> allow-query { any; };
> };
>
> Yet every now and again I get a burst of errors like:
>
> May 2 13:59:06 highland named[144]: denied query from
> [194.119.131.65].53 for "insignia.com" ANY
>
> I'm confused as to why some queries are denied when
> all are supposed to be allowed.
>
> --
> Jim Hatfield
More information about the bind-users
mailing list