possible bug...?

Mark Andrews Mark_Andrews at isc.org
Fri Nov 14 08:28:20 UTC 2008


In message <200811140758.mAE7wX78015095 at metis.hicks-net.net>, Gregory Hicks writes:
> Greetings:
> 
> Wonder if anyone else has noticed this?
> 
> Running BIND-9.5.0-P2 on a Solaris 9 boxen.  Saw Daniel Dawalibi's note
> on server status and wondered what MY server was doing...  Ran "rndc
> status" and got this:
> 
> metis% rndc status
> version: 9.5.0-P2
> number of zones: 22
> debug level: 0
> xfers running: 0
> xfers deferred: 0
> soa queries in progress: 0
> query logging is ON
> recursive clients: 0/0/1000
> tcp clients: 0/100
> server is up and running
> 
> Saw the number of zones and wondered "Where the HECK do they all come
> from?" because just serving my own two domains in two views shouldn't
> add up to 22...  (I'll attach my named.conf below - inline.)  Counted
> the zones.  Only 11:
> 
> metis% grep -i zone named.conf
>  zone "0.0.127.in-addr.arpa" in {
>  zone "hicks-net.net" in {
>  zone "hicks-net.org" in {
>  zone "96-111.55.139.64.in-addr.arpa" {
>  zone "." in {
>  zone "10.in-addr.arpa" in {
>  zone "uc8010.com" IN {
>  zone "ucmal.com" IN {
>  zone "hicks-net.net" in {
>  zone "hicks-net.org" in {
>  zone "96-111.55.139.64.in-addr.arpa" {
> 
> So...?  Where DO the number of zones I'm serving come from?

	Named has added a number of zones to the trusted view.
	They weren't added to the external view, as recursion is
	disabled in it.

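/*
 * Built-in "empty" zones that named attaches to a view.
 *
 * Each entry names the reverse-mapping zone (IN-ADDR.ARPA / IP6.ARPA) of
 * an address range that is reserved or not globally routable, so that
 * lookups for it are answered by this server rather than sent upstream.
 * "rfc1918" marks the RFC 1918 private-space entries; that group is
 * compiled out here under "notyet".  The table ends with a NULL zone name.
 *
 * NOTE(review): the surrounding mail states that these zones are only
 * added to a view in which recursion is enabled.  Whether an entry is
 * skipped when the view already configures a zone at or below that name
 * is not shown here -- confirm against the server code before relying on
 * it when reconciling "rndc status" zone counts.
 */
static const struct {
        const char      *zone;
        isc_boolean_t   rfc1918;
} empty_zones[] = {
#ifdef notyet
        /* RFC 1918 */
        { "10.IN-ADDR.ARPA", ISC_TRUE },
        { "16.172.IN-ADDR.ARPA", ISC_TRUE },
        { "17.172.IN-ADDR.ARPA", ISC_TRUE },
        { "18.172.IN-ADDR.ARPA", ISC_TRUE },
        { "19.172.IN-ADDR.ARPA", ISC_TRUE },
        { "20.172.IN-ADDR.ARPA", ISC_TRUE },
        { "21.172.IN-ADDR.ARPA", ISC_TRUE },
        { "22.172.IN-ADDR.ARPA", ISC_TRUE },
        { "23.172.IN-ADDR.ARPA", ISC_TRUE },
        { "24.172.IN-ADDR.ARPA", ISC_TRUE },
        { "25.172.IN-ADDR.ARPA", ISC_TRUE },
        { "26.172.IN-ADDR.ARPA", ISC_TRUE },
        { "27.172.IN-ADDR.ARPA", ISC_TRUE },
        { "28.172.IN-ADDR.ARPA", ISC_TRUE },
        { "29.172.IN-ADDR.ARPA", ISC_TRUE },
        { "30.172.IN-ADDR.ARPA", ISC_TRUE },
        { "31.172.IN-ADDR.ARPA", ISC_TRUE },
        { "168.192.IN-ADDR.ARPA", ISC_TRUE },
#endif

        /* RFC 3330 */
        { "0.IN-ADDR.ARPA", ISC_FALSE },        /* THIS NETWORK */
        { "127.IN-ADDR.ARPA", ISC_FALSE },      /* LOOPBACK */
        { "254.169.IN-ADDR.ARPA", ISC_FALSE },  /* LINK LOCAL */
        { "2.0.192.IN-ADDR.ARPA", ISC_FALSE },  /* TEST NET */
        { "255.255.255.255.IN-ADDR.ARPA", ISC_FALSE },  /* BROADCAST */

        /*
         * Local IPv6 Unicast Addresses: ::/128 (unspecified) and
         * ::1/128 (loopback).  The 32-nibble names are split across
         * adjacent string literals only to keep the lines short; the
         * compiler joins them into a single zone name.
         */
        { "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0."
          "IP6.ARPA", ISC_FALSE },
        { "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0."
          "IP6.ARPA", ISC_FALSE },
        /* LOCALLY ASSIGNED LOCAL ADDRESS SCOPE */
        { "D.F.IP6.ARPA", ISC_FALSE },
        { "8.E.F.IP6.ARPA", ISC_FALSE },        /* LINK LOCAL */
        { "9.E.F.IP6.ARPA", ISC_FALSE },        /* LINK LOCAL */
        { "A.E.F.IP6.ARPA", ISC_FALSE },        /* LINK LOCAL */
        { "B.E.F.IP6.ARPA", ISC_FALSE },        /* LINK LOCAL */

        /* Terminator: iteration stops at the first NULL zone name. */
        { NULL, ISC_FALSE }
};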

> 
> Regards,
> Gregory Hicks
> 
> My /etc/named.conf.  (Yes, I KNOW that the in-addr.arpa doesn't work.
> I haven't got with the ISP to get the in-addr's delegated.)
> 
> acl internal { 64.139.55.96/28; localhost; };
> 
> logging {
>   channel example_log {
>    file "/var/log/named.log" versions 3 size 2m;
>    severity info;
>    print-severity yes;
>    print-time yes;
>    print-category yes;
>  };
>   channel "security" {
>    file "/var/log/named.sec" versions 3 size 2m ;
>    severity info;
>    print-severity yes ;
>    print-category yes ;
>    print-time yes ;
> };
> 
>   channel "queries" {
>    file "/var/log/named.queries" versions 3 size 2m ;
>    severity info ;
>    print-severity yes ;
>    print-category yes ;
>    print-time yes ;
> };
> 
>  category default {
>   example_log;
>  };
> 
>  category security {
>   security;
>   default_syslog;
>   default_debug;
>  };
> 
>  category queries {
>   queries;
>   default_syslog ;
>   default_debug;
>  };
> 
> };
> 
> options {
>  	directory	 "/var/yp/nameserver";
> 
> 	};
> 
> # Use with the following in named.conf, adjusting the allow list as 
> needed:
>  key "rndc-key" {
> 	algorithm hmac-md5;
> 	secret "XmXmXmXmXmXmXmXmXmXmXmXm";
>  };
>  
>  controls {
> 	inet 127.0.0.1 port 953
> 		allow { 127.0.0.1; } keys { "rndc-key"; };
> };
> 
> view "trusted" {
>  match-clients { "internal"; };
>  recursion yes;
> 
>  zone "0.0.127.in-addr.arpa" in {
> 	type master;
> 	file "db.127.0.0";
> 	notify no;
> };
> 
>  zone "hicks-net.net" in {
> 	type master;
> 	file "db.hicks-net.net";
> 	allow-update { none; };
> 	allow-transfer { 87.98.164.164; 195.234.42.1; };
> };
> 
>  zone "hicks-net.org" in {
> 	type master;
> 	file "db.hicks-net.org";
> 	allow-update { none; };
> 	allow-transfer { 87.98.164.164; 195.234.42.1; };
> };
> 
>  zone "96-111.55.139.64.in-addr.arpa" {
> 	type master ;
> 	file "db.96-111.55.139.64.in-addr" ;
> 	allow-update { none; };
> };
> 
>  zone "." in {
> 	type hint;
> 	file "db.cache";
> };
> 
>  zone "10.in-addr.arpa" in {
> 	type master;
> 	file "db.10";
> 	allow-update { none; };
> };
> 
>  zone "uc8010.com" IN {
> 	type master;
> 	file "db.uc8010.com";
> 	allow-update { none; };
> };
> 
>  zone "ucmal.com" IN {
> 	type master;
> 	file "db.uc8010.com";
> 	allow-update { none; };
> };
> 
> }; // End of internal or trusted view
> 
> view "external" {
>  match-clients { "any"; };
>  recursion no;
> 
>  zone "hicks-net.net" in {
> 	type master;
> 	file "db.hicks-net.net";
> 	allow-update { none; };
> 	allow-transfer { 87.98.164.164; 195.234.42.1; };
> };
> 
>  zone "hicks-net.org" in {
> 	type master;
> 	file "db.hicks-net.org";
> 	allow-update { none; };
> 	allow-transfer { 87.98.164.164; 195.234.42.1; };
> };
> 
>  zone "96-111.55.139.64.in-addr.arpa" {
> 	type master ;
> 	file "db.96-111.55.139.64.in-addr" ;
> 	allow-update { none; };
> };
> }; // End of external view
> 
> 
> ---------------------------------------------------------------------
> Gregory Hicks                           | Principal Systems Engineer
>                                         | Direct:   408.569.7928
> 
> People sleep peaceably in their beds at night only because rough men
> stand ready to do violence on their behalf -- George Orwell
> 
> The price of freedom is eternal vigilance.  -- Thomas Jefferson
> 
> "The best we can hope for concerning the people at large is that they
> be properly armed." --Alexander Hamilton
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

