Tired of failing DNS queries

Wed Jun 27 12:53:20 UTC 2007

> Hi,
> 
> Any advise? Is this a BIND 9.4.1 bug or is it a problem of BIND 9.4.1 on
> Debian, or is it something else?

	Query access to the cache has been seperated out.

1676.   [func]          New option "allow-query-cache".  This lets
                        allow-query be used to specify the default zone
                        access level rather than having to have every
                        zone override the global value.  allow-query-cache
                        can be set at both the options and view levels.

> > >>> ===========named.conf==============
> > >>> acl badguys {
> > >>>     0.0.0.0/8;
> > >>>     1.0.0.0/8;
> > >>>     2.0.0.0/8;
> > >>>     5.0.0.0/8;
> > >>>     7.0.0.0/8;
> > >>>     10.0.0.0/8;
> > >>>     23.0.0.0/8;
> > >>>     27.0.0.0/8;
> > >>>     31.0.0.0/8;
> > >>>     36.0.0.0/8;
> > >>>     37.0.0.0/8;
> > >>>     39.0.0.0/8;
> > >>>     42.0.0.0/8;
> > >>>     49.0.0.0/8;
> > >>>     50.0.0.0/8;
> > >>>     94.0.0.0/8;
> > >>>     95.0.0.0/8;
> > >>>     100.0.0.0/8;
> > >>>     101.0.0.0/8;
> > >>>     102.0.0.0/8;
> > >>>     103.0.0.0/8;
> > >>>     104.0.0.0/8;
> > >>>     105.0.0.0/8;
> > >>>     106.0.0.0/8;
> > >>>     107.0.0.0/8;
> > >>>     108.0.0.0/8;
> > >>>     109.0.0.0/8;
> > >>>     110.0.0.0/8;
> > >>>     111.0.0.0/8;
> > >>>     112.0.0.0/8;
> > >>>     113.0.0.0/8;
> > >>>     114.0.0.0/8;
> > >>>     115.0.0.0/8;
> > >>>     169.254.0.0/16;
> > >>>     173.0.0.0/8;
> > >>>     174.0.0.0/8;
> > >>>     175.0.0.0/8;
> > >>>     176.0.0.0/8;
> > >>>     177.0.0.0/8;
> > >>>     178.0.0.0/8;
> > >>>     179.0.0.0/8;
> > >>>     180.0.0.0/8;
> > >>>     181.0.0.0/8;
> > >>>     182.0.0.0/8;
> > >>>     183.0.0.0/8;
> > >>>     184.0.0.0/8;
> > >>>     185.0.0.0/8;
> > >>>     186.0.0.0/8;
> > >>>     187.0.0.0/8;
> > >>>     192.0.2.0/24;
> > >>>     197.0.0.0/8;
> > >>>     223.0.0.0/8;
> > >>>     224.0.0.0/3;};
> > >>> acl trusted { 212.71.32.0/19; 213.181.160.0/19; 213.210.192.0/18;
> > >>> 91.151.160/22; 85.129.128.0/17; 84.9.0.0/15; 84.23.96.0/21;
> > >>> 217.145.240.0/20; 81.21.60.0/22; 192.168.1.0/16; 172.16.0.0/16;
> > >>> 89.4.0.0/15; 91.147.128.0/23; 91.147.130.0/24; 193.227.127.0/24;
> > >>> 193.22.249.0/24; };
> > >>> acl secondaries {   192.168.1.101;  192.168.1.102; };
> > >>> options {
> > >>> 	directory "/var/named";
> > >>> 	dump-file "/var/named/data/cache_dump.db";
> > >>> 	pid-file "/var/named/named.pid";
> > >>> 	statistics-file "/var/named/data/named_stats.txt";
> > >>> 	version "Get Lost";
> > >>> 	allow-query { trusted; localhost; };
> > > on BIND bind-9.2.4-16.EL4 this allow query worked and still working
> > > properly. now the same configuration with BIND 9.4.1 and I can  
> > > query the
> > > DNS from non-trusted sources and of course the DNS will reply with the
> > > records if they were cached or refer to the zones name servers if not.
> > > on bind-9.2.4-16.EL4 it says query refused
> 
> 
> 
> 
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org