hint zone conflicts with allow-query statement !
Bill Larson
wllarso at swcp.com
Thu Jan 26 22:50:38 UTC 2006
On Jan 26, 2006, at 2:40 PM, Mark Andrews wrote:
>
>> Hi, I'm in trouble with a bind9.2.4 server running on Debian Sarge
>> server
>> :
>>
>>
>> acl "acl_cache_clients" { 127.0.0.0/8; localnet; };
>>
>> zone "." {
>> type hint;
>> file "/etc/bind/db.root";
>> allow-query { "acl_cache_clients"; };
>> };
>>
>> and there is my logs :
>> Jan 26 10:28:06 titou named[12721]: starting BIND 9.2.4 -u bind
>> Jan 26 10:28:06 titou named[12721]: using 2 CPUs
>> Jan 26 10:28:06 titou named[12721]: loading configuration from
>> '/etc/bind/named.conf'
>> Jan 26 10:28:06 titou named[12721]: /etc/bind/named.conf:19: option
>> 'allow-query' is not allowed in 'hint' zone '.'
>> Jan 26 10:28:06 titou named[12721]: loading configuration: failure
>> Jan 26 10:28:06 titou named[12721]: exiting (due to fatal error)
>>
>>
>> I have another bind9 running on another Debian Sarge server, and it
>> works
>> well with same config for the hint zone !!!
>> So what could go wrong with my config ???
>
> Exactly what named said was wrong. Hint "zones" don't accept
> allow-query. Allow-query doesn't make logical sense for a
> hint zone.
The BIND ARM says: "allow-query may also be specified in the zone
statement, in which case it overrides the options allow-query
statement." A "hint" zone is still a zone. It would appear that
having an "allow-query" in a "hint" zone specification would be legal.
(This is not to say that having an "allow-query" in a hint zone would
make any sense though.)
What you are saying is that a "hint" zone specification does not follow
the same specification as a normal zone. Is this correct?
Bill Larson
More information about the bind-users
mailing list