Problems with upgrade to 9.5.1b1

[Kirk]

Rob Tanner wrote:
> I'm running bind 9.3.4 (a Fedora Core distro version) and trying to 
> upgrade to (technically, replace it with) 9.5.1b1.  I simply ran 
> configure (no options) and make and then installed it.  Since it 
> installs in /usr/local, that doesn't create a problem as I can run one 
> version of the other.
> I'm doing initial testing with nslookup and the problem I'm seeing with 
> 9.5.1b1 is that while it correctly resolves in all cases for host names 
> and IP addresses that are local (i.e., names/addresses for which it's 
> authoritative), when I try other lookups, for instance, www.cnn.com, 
> nslookup I get different results, depending on whether or not the query 
> is coming from a machine in the same address segment is the DNS server.  
> Queries coming from machine within the same IP segment as the DNS server 
> work fine.  Queries coming from machines in different address segments 
> get th response:
> 
>                   ** server can't find <host name>: REFUSED
> 
> At the same time I get a log entry like:
> 
>    client 10.219.255.250#39750: view internal: query (cache) 
> 'www.cnn.com/A/IN' denied
> 
> I get this using the same db files and named.conf file that 9.3.4 runs 
> against and I don't have this problem with 9.3.4.  I'm assuming that 
> it's some sort of configuration issue, but I don't know what.  Any 
> ideas?  Would it help if I posted my named.conf file (or would I 
> becreating an issue for mself by making that file public).


There have been changes regarding the defaults on allow-recursion.  Carefully 
read the BIND 9.5 ARM regarding these new options.

<snip>
allow-recursion

     Specifies which hosts are allowed to make recursive queries through this 
server. If allow-recursion is not set then allow-query-cache is used if set, 
otherwise allow-query is used if set, otherwise the default (localnets; 
localhost;) is used.
<snip>