Debug refused recursive queries
Jon Kibler
jon.r.kibler at gmail.com
Fri Nov 14 13:44:25 UTC 2008
Hi,
RE: BIND 9.5.0-P2 on CentOS 5.2
I have an issue where I have an apparent mistake in the lock down of
my name servers.
I have limited what systems can send queries to a given server.
Looking at packet captures, everything should be working. However, I
keep getting 'REFUSED' returned for authoritative queries to this
authoritative name server.
Is there any way that I can get BIND to tell me:
-- The IP addresses allowed to query each zone?
-- The IP addresses allowed to query each view?
-- The IP addresses allowed to query the server?
Also, I have an apparent issue where I have something set up wrong in
logging. Here is the config:
logging {
    channel "file_debug" {
        file "/files/auth_debug.txt" ;
        severity dynamic ;
        print-category yes ;
        print-severity yes ;
        print-time yes ;
    } ;
    ...
} ;
category default { log_info ; file_debug ; } ;
However, when I set the debug level up (I have gone as high as 9), I
do not see anything logged in the file. The file exists and is owned
by the chroot-ed user and has perms of 600.
What have I done wrong here?
Also, what category and at what debug level would log:
-- Why a client query was refused?
-- What ACLs were applied to each view and zone?
TIA for all help!!
JonK
--
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC USA
o: 843-849-8214