hint zone conflicts with allow-query statement !

[Mark Andrews]

> On Jan 26, 2006, at 2:40 PM, Mark Andrews wrote:
> 
> >
> >> Hi, I'm in trouble with a bind9.2.4 server running on Debian Sarge 
> >> server
> >> :
> >>
> >>
> >> acl "acl_cache_clients" { 127.0.0.0/8; localnet; };
> >>
> >> zone "." {
> >>         type hint;
> >>         file "/etc/bind/db.root";
> >>         allow-query { "acl_cache_clients"; };
> >> };
> >>
> >> and there is my logs :
> >> Jan 26 10:28:06 titou named[12721]: starting BIND 9.2.4 -u bind
> >> Jan 26 10:28:06 titou named[12721]: using 2 CPUs
> >> Jan 26 10:28:06 titou named[12721]: loading configuration from
> >> '/etc/bind/named.conf'
> >> Jan 26 10:28:06 titou named[12721]: /etc/bind/named.conf:19: option
> >> 'allow-query' is not allowed in 'hint' zone '.'
> >> Jan 26 10:28:06 titou named[12721]: loading configuration: failure
> >> Jan 26 10:28:06 titou named[12721]: exiting (due to fatal error)
> >>
> >>
> >> I have another bind9 running on another Debian Sarge server, and it 
> >> works
> >> well with same config for the hint zone !!!
> >> So what could go wrong with my config ???
> >
> > 	Exactly what named said was wrong.  Hint "zones" don't accept
> > 	allow-query.  Allow-query doesn't make logical sense for a
> > 	hint zone.
> 
> The BIND ARM says: "allow-query may also be specified in the zone 
> statement, in which case it overrides the options allow-query 
> statement."  A "hint" zone is still a zone.  It would appear that 
> having an "allow-query" in a "hint" zone specification would be legal.  
> (This is not to say that having an "allow-query" in a hint zone would 
> make any sense though.)
> 
> What you are saying is that a "hint" zone specification does not follow 
> the same specification as a normal zone.  Is this correct?
> 
> Bill Larson

	Hint, forward and stub are not real zones.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org