possible bug...?
Mark Andrews
Mark_Andrews at isc.org
Fri Nov 14 08:28:20 UTC 2008
In message <200811140758.mAE7wX78015095 at metis.hicks-net.net>, Gregory Hicks writes:
> Greetings:
>
> Wonder if anyone else has noticed this?
>
> Running BIND-9.5.0-P2 on a Solaris 9 boxen. Saw Daniel Dawalibi's note
> on server status and wondered what MY server was doing... Ran "rndc
> status" and got this:
>
> metis% rndc status
> version: 9.5.0-P2
> number of zones: 22
> debug level: 0
> xfers running: 0
> xfers deferred: 0
> soa queries in progress: 0
> query logging is ON
> recursive clients: 0/0/1000
> tcp clients: 0/100
> server is up and running
>
> Saw the number of zones and wondered "Where the HECK do they all come
> from?" because just serving my own two domains in two views shouldn't
> add up to 22... (I'll attach my named.conf below - inline.) Counted
> the zones. Only 11:
>
> metis% grep -i zone named.conf
> zone "0.0.127.in-addr.arpa" in {
> zone "hicks-net.net" in {
> zone "hicks-net.org" in {
> zone "96-111.55.139.64.in-addr.arpa" {
> zone "." in {
> zone "10.in-addr.arpa" in {
> zone "uc8010.com" IN {
> zone "ucmal.com" IN {
> zone "hicks-net.net" in {
> zone "hicks-net.org" in {
> zone "96-111.55.139.64.in-addr.arpa" {
>
> So...? Where DO the number of zones I'm serving come from?
Named has added a number of zones to the trusted view.
They weren't added to the external view as recursion is
disabled in it. They come from this built-in table:
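/*
 * Table of reverse-lookup zone names, terminated by an entry whose zone
 * pointer is NULL.
 *
 *   zone    - the zone name, as an upper-case string.
 *   rfc1918 - ISC_TRUE only on the RFC 1918 private-address entries,
 *             ISC_FALSE on every other entry and on the terminator.
 *
 * The RFC 1918 entries sit inside "#ifdef notyet", so they are part of the
 * table only when notyet is defined at build time.
 *
 * NOTE(review): the accompanying message says named adds these zones to a
 * view that has recursion enabled and not to one where recursion is
 * disabled. The code that walks this table is not shown here; confirm
 * against the caller.
 *
 * NOTE(review): presumably answering these names locally keeps reverse
 * queries for special-use address space from being sent to outside
 * servers, where they would disclose internal addressing. Verify against
 * the release documentation before relying on it.
 *
 * The two long IP6.ARPA names must each stay on a single line: a string
 * literal cannot contain a raw line break.
 */
static const struct {
	const char *zone;
	isc_boolean_t rfc1918;
} empty_zones[] = {
#ifdef notyet
	/* RFC 1918 */
	{ "10.IN-ADDR.ARPA", ISC_TRUE },
	{ "16.172.IN-ADDR.ARPA", ISC_TRUE },
	{ "17.172.IN-ADDR.ARPA", ISC_TRUE },
	{ "18.172.IN-ADDR.ARPA", ISC_TRUE },
	{ "19.172.IN-ADDR.ARPA", ISC_TRUE },
	{ "20.172.IN-ADDR.ARPA", ISC_TRUE },
	{ "21.172.IN-ADDR.ARPA", ISC_TRUE },
	{ "22.172.IN-ADDR.ARPA", ISC_TRUE },
	{ "23.172.IN-ADDR.ARPA", ISC_TRUE },
	{ "24.172.IN-ADDR.ARPA", ISC_TRUE },
	{ "25.172.IN-ADDR.ARPA", ISC_TRUE },
	{ "26.172.IN-ADDR.ARPA", ISC_TRUE },
	{ "27.172.IN-ADDR.ARPA", ISC_TRUE },
	{ "28.172.IN-ADDR.ARPA", ISC_TRUE },
	{ "29.172.IN-ADDR.ARPA", ISC_TRUE },
	{ "30.172.IN-ADDR.ARPA", ISC_TRUE },
	{ "31.172.IN-ADDR.ARPA", ISC_TRUE },
	{ "168.192.IN-ADDR.ARPA", ISC_TRUE },
#endif

	/* RFC 3330 */
	{ "0.IN-ADDR.ARPA", ISC_FALSE },	/* THIS NETWORK */
	{ "127.IN-ADDR.ARPA", ISC_FALSE },	/* LOOPBACK */
	{ "254.169.IN-ADDR.ARPA", ISC_FALSE },	/* LINK LOCAL */
	{ "2.0.192.IN-ADDR.ARPA", ISC_FALSE },	/* TEST NET */
	{ "255.255.255.255.IN-ADDR.ARPA", ISC_FALSE },	/* BROADCAST */

	/* Local IPv6 Unicast Addresses */
	{ "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA", ISC_FALSE },
	{ "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA", ISC_FALSE },

	/* LOCALLY ASSIGNED LOCAL ADDRESS SCOPE */
	{ "D.F.IP6.ARPA", ISC_FALSE },
	{ "8.E.F.IP6.ARPA", ISC_FALSE },	/* LINK LOCAL */
	{ "9.E.F.IP6.ARPA", ISC_FALSE },	/* LINK LOCAL */
	{ "A.E.F.IP6.ARPA", ISC_FALSE },	/* LINK LOCAL */
	{ "B.E.F.IP6.ARPA", ISC_FALSE },	/* LINK LOCAL */

	/* Terminator: consumers stop at the first NULL zone. */
	{ NULL, ISC_FALSE }
};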
>
> Regards,
> Gregory Hicks
>
> My /etc/named.conf. (Yes, I KNOW that the in-addr.arpa doesn't work.
> I haven't got with the ISP to get the in-addr's delegated.)
>
> acl internal { 64.139.55.96/28; localhost; };
>
> logging {
> channel example_log {
> file "/var/log/named.log" versions 3 size 2m;
> severity info;
> print-severity yes;
> print-time yes;
> print-category yes;
> };
> channel "security" {
> file "/var/log/named.sec" versions 3 size 2m ;
> severity info;
> print-severity yes ;
> print-category yes ;
> print-time yes ;
> };
>
> channel "queries" {
> file "/var/log/named.queries" versions 3 size 2m ;
> severity info ;
> print-severity yes ;
> print-category yes ;
> print-time yes ;
> };
>
> category default {
> example_log;
> };
>
> category security {
> security;
> default_syslog;
> default_debug;
> };
>
> category queries {
> queries;
> default_syslog ;
> default_debug;
> };
>
> };
>
> options {
> directory "/var/yp/nameserver";
>
> };
>
> # Use with the following in named.conf, adjusting the allow list as
> needed:
> key "rndc-key" {
> algorithm hmac-md5;
> secret "XmXmXmXmXmXmXmXmXmXmXmXm";
> };
>
> controls {
> inet 127.0.0.1 port 953
> allow { 127.0.0.1; } keys { "rndc-key"; };
> };
>
> view "trusted" {
> match-clients { "internal"; };
> recursion yes;
>
> zone "0.0.127.in-addr.arpa" in {
> type master;
> file "db.127.0.0";
> notify no;
> };
>
> zone "hicks-net.net" in {
> type master;
> file "db.hicks-net.net";
> allow-update { none; };
> allow-transfer { 87.98.164.164; 195.234.42.1; };
> };
>
> zone "hicks-net.org" in {
> type master;
> file "db.hicks-net.org";
> allow-update { none; };
> allow-transfer { 87.98.164.164; 195.234.42.1; };
> };
>
> zone "96-111.55.139.64.in-addr.arpa" {
> type master ;
> file "db.96-111.55.139.64.in-addr" ;
> allow-update { none; };
> };
>
> zone "." in {
> type hint;
> file "db.cache";
> };
>
> zone "10.in-addr.arpa" in {
> type master;
> file "db.10";
> allow-update { none; };
> };
>
> zone "uc8010.com" IN {
> type master;
> file "db.uc8010.com";
> allow-update { none; };
> };
>
> zone "ucmal.com" IN {
> type master;
> file "db.uc8010.com";
> allow-update { none; };
> };
>
> }; // End of internal or trusted view
>
> view "external" {
> match-clients { "any"; };
> recursion no;
>
> zone "hicks-net.net" in {
> type master;
> file "db.hicks-net.net";
> allow-update { none; };
> allow-transfer { 87.98.164.164; 195.234.42.1; };
> };
>
> zone "hicks-net.org" in {
> type master;
> file "db.hicks-net.org";
> allow-update { none; };
> allow-transfer { 87.98.164.164; 195.234.42.1; };
> };
>
> zone "96-111.55.139.64.in-addr.arpa" {
> type master ;
> file "db.96-111.55.139.64.in-addr" ;
> allow-update { none; };
> };
> }; // End of external view
>
>
> ---------------------------------------------------------------------
> Gregory Hicks | Principal Systems Engineer
> | Direct: 408.569.7928
>
> People sleep peaceably in their beds at night only because rough men
> stand ready to do violence on their behalf -- George Orwell
>
> The price of freedom is eternal vigilance. -- Thomas Jefferson
>
> "The best we can hope for concerning the people at large is that they
> be properly armed." --Alexander Hamilton
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org