Unexpected "REFUSED" response.
Neil W Rickert
rickert+nn at cs.niu.edu
Mon May 17 21:24:07 UTC 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jim Reid <jim at rfc1035.com> writes:
>>>>>> "Neil" == Neil W Rickert <rickert+nn at cs.niu.edu> writes:
> Neil> zone "niu.edu" in {
> Neil> type slave ;
> Neil> file "cache/niu.DOM" ;
> Neil> masters { 131.156.1.11 ; } ;
> Neil> allow-query { any ; } ;
> Neil> } ;
> Neil> A query from off-campus resulted in the unexpected:
> Neil> ; <<>> DiG 9.2.3 <<>> @mp.cs.niu.edu max.niu.edu
> Neil> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 65093
>Could you have some sort of global ACL, say for allow-recursion? A
I did mention in my original post, that access is restricted from off
campus. That is done with
allow-query { niu ; } ;
allow-recursion { niu ; } ;
Yes, I understand what has happened. Since max.niu.edu is
a CNAME, these restriction deny access to a lookup of the
CNAME destination.
But my question is this:
Access is explicitly allowed for niu.edu. So why does named not
return the CNAME record, and set the recursion-denied flag to
indicate why it won't look up the CNAME destination?
It seems strange to get REFUSED on a lookup for a name for
which access was explicitly allowed.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SunOS)
iD8DBQFAqS10vmGe70vHPUMRAn/pAKDYQA7TIsSv83wf/9RSUApX4FOdigCffl+h
T8eMMZRj3XaqDhSegc+a9Wc=
=CuHP
-----END PGP SIGNATURE-----
More information about the bind-users
mailing list