Issues with setting recursive no in a view

Kevin Van Der Hart kvanderhart at vermeermfg.com
Thu Sep 29 19:23:05 UTC 2005


Our external DNS server (Bind 9.3.1) seems to be having problems. I have 2
views, 1 for local machines in the DMZ where the DNS server is located and
one for external users. If I set recursion to no in the external view
(preferred for security reasons) the domains I am authoritative for will
intermittently not respond with the proper information and it will instead
return the list of root name servers. This does not always happen on the
same domains. If I set recursion to yes, all domains always respond properly
and none return as non-authoritative. My named.conf file is included below.
We have several more domains than what is listed but I shortened it to keep
the message shorter.

Thanks in advance for any advice.

-----
Kevin Van Der Hart
Systems Engineer
Vermeer Mfg Co


// Global options. Settings here are the defaults for every view below unless a
// view overrides them.
options {
      directory "/usr/local/etc/namedb";
      dump-file "named_dump.db";
      statistics-file "named.stats";
      // Replaces the string answered for version.bind (CHAOS TXT) queries, so
      // the real BIND release is not disclosed to remote clients.
      version "YES";
	// Declared globally, so any view that recurses inherits these forwarders,
	// including "external" as posted. Addresses were redacted by the poster.
	forwarders { XXX.XXX.XXX.XXX; XXX.XXX.XXX.XXX; XXX.XXX.XXX.XXX;
XXX.XXX.XXX.XXX; };
	// Zone transfers are limited to the listed addresses in every view.
	// NOTE(review): address-based ACL only; no TSIG key appears in this excerpt.
	allow-transfer { XXX.XXX.XXX.XXX; XXX.XXX.XXX.XXX; XXX.XXX.XXX.XXX;
XXX.XXX.XXX.XXX; XXX.XXX.XXX.XXX; };
	pid-file "/usr/local/etc/namedb/named.pid";
};

// Internal view. Views are tried in the order they appear, so clients in the
// (redacted) DMZ /24 are served from here and never reach "external".
view "dmz" {
        match-clients { XXX.XXX.XXX/24; };
        // Recursion is offered only to the clients matched above.
        recursion yes;
        // Root hints are declared explicitly in this view only.
        zone "." {
                type hint;
                file "root.cache";
        };
        // NOTE(review): this name covers 127.1.0.0/24; the conventional
        // loopback reverse zone is 0.0.127.in-addr.arpa. Confirm it is intended.
        zone "0.1.127.in-addr.arpa" {
                type master;
                file "0.1.127.db";
        };
	// Split-horizon copies: the ".dmz" zone files are separate from the files
	// the external view loads for the same zone names.
	zone "vermeermfg.com" {
       		type master;
       		file "vermeermfg.com.db.dmz";
	};
	zone "vermeerdlr.com" {
       		type master;
       		file "vermeerdlr.com.db.dmz";
	};
	// Reverse zone for 192.168.106.0/24 (private address space); it is defined
	// in this view only, so external clients are not served it.
	zone "106.168.192.in-addr.arpa" {
       		type master;
       		file "106.168.192.db.dmz";
	};
};

// Public view: catch-all for every client not matched by "dmz".
view "external" {
        match-clients { any; };
        // As posted this is "yes", the setting the message says makes all
        // answers correct. Combined with match-clients { any; } it makes the
        // server an open recursive resolver, which exposes the cache to
        // poisoning attempts and lets the host be abused for reflection and
        // amplification traffic. The message states "no" is the preferred
        // value. If recursion must stay on, an allow-recursion ACL limits who
        // may use it.
        recursion yes;
        // NOTE(review): no hint zone is declared in this view, so BIND 9 falls
        // back on its compiled-in root hints. With recursion off, a query for a
        // name outside the zones below would normally get a referral to the
        // root servers; whether that explains the intermittent symptom cannot
        // be told from this excerpt.
        // "in" on each zone statement names the class (IN) explicitly.
	zone "vermeermfg.com" in {
       		type master;
        	file "vermeermfg.com.db";
	};
	zone "227.184.199.in-addr.arpa" in {
        	type master;
        	file "227.184.199.db";
	};
	zone "vermeermfg.net" in {
        	type master;
        	file "vermeermfg.net.db";
	};
	zone "vermeerdlr.com" in {
        	type master;
        	file "vermeerdlr.com.db";
	};
	zone "vermeer-international.com" in {
        	type master;
        	file "vermeer-international.com.db";
	};
	zone "vermeer.com" in {
        	type master;
        	file "vermeer.com.db";
	};
	zone "vermeerag.com" in {
        	type master;
        	file "vermeerag.com.db";
	};
};

-----
Kevin Van Der Hart
Systems Engineer
Vermeer Mfg Co


