Bind 9.4.2 not resolving external names but seemingly only on linux
Chris Buxton
cbuxton at menandmice.com
Wed Jan 16 19:40:51 UTC 2008
My guesses are:
- The Solaris boxes are running an earlier version of BIND 9.4, in
which the default ACL was not applied correctly.
- There is some configuration difference that you didn't catch.
- Somebody modified the source code of the Solaris installation.
Chris Buxton
Professional Services
Men & Mice
Address: Noatun 17, IS-105, Reykjavik, Iceland
Phone: +354 412 1500
Email: cbuxton at menandmice.com
www.menandmice.com
Men & Mice
We bring control and flexibility to network management
This e-mail and its attachments may contain confidential and
privileged information only intended for the person or entity to which
it is addressed. If the reader of this message is not the intended
recipient, you are hereby notified that any retention, dissemination,
distribution or copy of this e-mail is strictly prohibited. If you
have received this e-mail in error, please notify us immediately by
reply e-mail and immediately delete this message and all its attachment.
On Jan 15, 2008, at 8:49 AM, Jeffrey Collyer wrote:
> Chris,
> Thanks for the insight. Recursion is definitely the issue.
>
> However I do not have any config directives in the named.conf
> restricting recursion and the config files are identical (according to
> diff) between the Solaris 8 machine and the Linux box. The Solaris 8
> box seems to be ignoring the new no-recursion default, while the Linux
> box is picking it up.
> By adding an explicit allow-recursion statement to each config I was
> able to get the behavior the same across both machines.
>
> Jeff
>
>
> Chris Buxton wrote:
>> It sounds like perhaps you haven't defined 'allow-recursion' on the
>> Linux server. The default value for this has changed with 9.4.
>>
>> When you say that resolution of internal addresses works fine, is the
>> server authoritative for this data? And are the client machines that
>> try to look up data on the same subnet as the server, or are they
>> on a
>> separate logical subnet?
>>
>> The default now is:
>>
>> allow-recursion { localhost; localnets; };
>> allow-query { any; };
>>
>> Chris Buxton
>> Professional Services
>> Men & Mice
>> Address: Noatun 17, IS-105, Reykjavik, Iceland
>> Phone: +354 412 1500
>> Email: cbuxton at menandmice.com
>> www.menandmice.com
>>
>> Men & Mice
>> We bring control and flexibility to network management
>>
>> This e-mail and its attachments may contain confidential and
>> privileged information only intended for the person or entity to
>> which
>> it is addressed. If the reader of this message is not the intended
>> recipient, you are hereby notified that any retention, dissemination,
>> distribution or copy of this e-mail is strictly prohibited. If you
>> have received this e-mail in error, please notify us immediately by
>> reply e-mail and immediately delete this message and all its
>> attachment.
>>
>>
>>
>> On Jan 14, 2008, at 1:46 PM, Jeffrey Collyer wrote:
>>
>>> So I have 3 nameservers running 9.3.4. Two on Solaris, one on
>>> Linux.
>>> Everything working fine, but I need the "rrset-order fixed"
>>> implementation in 9.4.2 (or whenever it was finished).
>>>
>>> Grabbed the source for 9.4.2 compiled it everywhere. Upgraded the
>>> Solaris boxes, no problem. All resolution works fine.
>>>
>>> I put the new binary in place on the Linux box, and restarted
>>> named. On
>>> the Linux box only, resolution of addresses outside my domain fail.
>>> Resolution of internal addresses works fine.
>>>
>>> Any ideas why the behavior would change just based on the OS?
>>>
>>> The Linux is Ubuntu 6.0.6, so debian with a 2.6.15 kernel.
>>>
>>>
>>> Jeff
>>>
>>>
>
> --
> Jeffrey Collyer
> Hostmaster/CMS Admin
> University of Virginia
> mailto:collyer at virginia.edu
> 434-982-4696
>
>
More information about the bind-users
mailing list