Problems with upgrade to 9.5.1b1
Kirk
bind at kirkb.net
Tue Jul 15 18:01:49 UTC 2008
Rob Tanner wrote:
> I'm running bind 9.3.4 (a Fedora Core distro version) and trying to
> upgrade to (technically, replace it with) 9.5.1b1. I simply ran
> configure (no options) and make and then installed it. Since it
> installs in /usr/local, that doesn't create a problem as I can run one
> version of the other.
> I'm doing initial testing with nslookup and the problem I'm seeing with
> 9.5.1b1 is that while it correctly resolves in all cases for host names
> and IP addresses that are local (i.e., names/addresses for which it's
> authoritative), when I try other lookups, for instance, www.cnn.com,
> nslookup I get different results, depending on whether or not the query
> is coming from a machine in the same address segment is the DNS server.
> Queries coming from machine within the same IP segment as the DNS server
> work fine. Queries coming from machines in different address segments
> get th response:
>
> ** server can't find <host name>: REFUSED
>
> At the same time I get a log entry like:
>
> client 10.219.255.250#39750: view internal: query (cache)
> 'www.cnn.com/A/IN' denied
>
> I get this using the same db files and named.conf file that 9.3.4 runs
> against and I don't have this problem with 9.3.4. I'm assuming that
> it's some sort of configuration issue, but I don't know what. Any
> ideas? Would it help if I posted my named.conf file (or would I
> becreating an issue for mself by making that file public).
There have been changes regarding the defaults on allow-recursion. Carefully
read the BIND 9.5 ARM regarding these new options.
<snip>
allow-recursion
Specifies which hosts are allowed to make recursive queries through this
server. If allow-recursion is not set then allow-query-cache is used if set,
otherwise allow-query is used if set, otherwise the default (localnets;
localhost;) is used.
<snip>
More information about the bind-users
mailing list