Tired of failing DNS queries
Mark Andrews
Mark_Andrews at isc.org
Wed Jun 27 12:53:20 UTC 2007
> Hi,
>
> Any advise? Is this a BIND 9.4.1 bug or is it a problem of BIND 9.4.1 on
> Debian, or is it something else?
Query access to the cache has been seperated out.
1676. [func] New option "allow-query-cache". This lets
allow-query be used to specify the default zone
access level rather than having to have every
zone override the global value. allow-query-cache
can be set at both the options and view levels.
> > >>> ===========named.conf==============
> > >>> acl badguys {
> > >>> 0.0.0.0/8;
> > >>> 1.0.0.0/8;
> > >>> 2.0.0.0/8;
> > >>> 5.0.0.0/8;
> > >>> 7.0.0.0/8;
> > >>> 10.0.0.0/8;
> > >>> 23.0.0.0/8;
> > >>> 27.0.0.0/8;
> > >>> 31.0.0.0/8;
> > >>> 36.0.0.0/8;
> > >>> 37.0.0.0/8;
> > >>> 39.0.0.0/8;
> > >>> 42.0.0.0/8;
> > >>> 49.0.0.0/8;
> > >>> 50.0.0.0/8;
> > >>> 94.0.0.0/8;
> > >>> 95.0.0.0/8;
> > >>> 100.0.0.0/8;
> > >>> 101.0.0.0/8;
> > >>> 102.0.0.0/8;
> > >>> 103.0.0.0/8;
> > >>> 104.0.0.0/8;
> > >>> 105.0.0.0/8;
> > >>> 106.0.0.0/8;
> > >>> 107.0.0.0/8;
> > >>> 108.0.0.0/8;
> > >>> 109.0.0.0/8;
> > >>> 110.0.0.0/8;
> > >>> 111.0.0.0/8;
> > >>> 112.0.0.0/8;
> > >>> 113.0.0.0/8;
> > >>> 114.0.0.0/8;
> > >>> 115.0.0.0/8;
> > >>> 169.254.0.0/16;
> > >>> 173.0.0.0/8;
> > >>> 174.0.0.0/8;
> > >>> 175.0.0.0/8;
> > >>> 176.0.0.0/8;
> > >>> 177.0.0.0/8;
> > >>> 178.0.0.0/8;
> > >>> 179.0.0.0/8;
> > >>> 180.0.0.0/8;
> > >>> 181.0.0.0/8;
> > >>> 182.0.0.0/8;
> > >>> 183.0.0.0/8;
> > >>> 184.0.0.0/8;
> > >>> 185.0.0.0/8;
> > >>> 186.0.0.0/8;
> > >>> 187.0.0.0/8;
> > >>> 192.0.2.0/24;
> > >>> 197.0.0.0/8;
> > >>> 223.0.0.0/8;
> > >>> 224.0.0.0/3;};
> > >>> acl trusted { 212.71.32.0/19; 213.181.160.0/19; 213.210.192.0/18;
> > >>> 91.151.160/22; 85.129.128.0/17; 84.9.0.0/15; 84.23.96.0/21;
> > >>> 217.145.240.0/20; 81.21.60.0/22; 192.168.1.0/16; 172.16.0.0/16;
> > >>> 89.4.0.0/15; 91.147.128.0/23; 91.147.130.0/24; 193.227.127.0/24;
> > >>> 193.22.249.0/24; };
> > >>> acl secondaries { 192.168.1.101; 192.168.1.102; };
> > >>> options {
> > >>> directory "/var/named";
> > >>> dump-file "/var/named/data/cache_dump.db";
> > >>> pid-file "/var/named/named.pid";
> > >>> statistics-file "/var/named/data/named_stats.txt";
> > >>> version "Get Lost";
> > >>> allow-query { trusted; localhost; };
> > > on BIND bind-9.2.4-16.EL4 this allow query worked and still working
> > > properly. now the same configuration with BIND 9.4.1 and I can
> > > query the
> > > DNS from non-trusted sources and of course the DNS will reply with the
> > > records if they were cached or refer to the zones name servers if not.
> > > on bind-9.2.4-16.EL4 it says query refused
>
>
>
>
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list