split-view DNS not working for my internal zone...
Evert
evert at poboxes.info
Thu Sep 18 20:52:03 UTC 2008
The problem persists after changing the ACL to localnets.
Greetings,
Evert
Kevin Darcy wrote:
> Evert wrote:
>> Hi all,
>>
>> Wrestling a bit with split-view...
>>
>> In my named.conf:
>> -------------------------------------------------
>> view "internal" {
>>     match-clients { 192.168.24.10/24; };
>>     recursion yes;
>>     notify no;
>>
>>     zone "." {
>>         type hint;
>>         file "named.ca";
>>     };
>>
>>     zone "domain.com" {
>>         type master;
>>         file "local/domain.com.hosts";
>>     };
>> };
>> -------------------------------------------------
>>
>>
>>
>> In local/domain.com.hosts:
>> -------------------------------------------------
>> $TTL 3600
>>
>> www1 IN A 1.2.3.4
>> -------------------------------------------------
>>
>>
>> However, when I try a:
>> nslookup www1.domain.com.
>>
>> I get:
>> -------------------------------------------------
>> Server: 127.0.0.1
>> Address: 127.0.0.1#53
>>
>> ** server can't find www1.domain.com: SERVFAIL
>> -------------------------------------------------
>>
>>
>>
>> The queries.log shows it does go to the correct view:
>> -------------------------------------------------
>> 18-Sep-2008 20:21:18.802 client 127.0.0.1#40414: view internal: query:
>> www1.domain.com IN A +
>> 18-Sep-2008 20:21:18.803 client 127.0.0.1#53315: view internal: query:
>> www1.domain.com IN A +
>> -------------------------------------------------
>>
>>
>> What am I doing wrong here?
>>
>>
> 192.168.24.10/24 is an illegal specification (masking on the first 3
> octets, but with bits in the fourth octet?). Did you perhaps mean
> 192.168.24.0/24?
>
> 127.0.0.1 is neither 192.168.24.10 nor in the 192.168.24.0/24 range
> (depending on what you meant, see above).
>
> You might want to include the built-in ACL "localhost" in the
> match-clients. That ACL includes the addresses of all your local
> interfaces. "localnets" may be even more convenient, but, depending on
> your network configuration and the rest of your config, match more than
> you intend.
>
>
> - Kevin
>
>
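
The address-match points in Kevin's reply, as an added Python sketch that is not part of the original thread and is not BIND code: it flags a match-clients prefix with host bits set and tests whether a client address falls inside the list. The interface addresses in LOCAL_INTERFACES are constructed sample values, and "localhost" and "localnets" are modelled only as the reply describes them.

```python
import ipaddress

# Constructed sample (assumption): the addresses configured on the server's interfaces.
LOCAL_INTERFACES = ["127.0.0.1/8", "192.168.24.10/24"]

def check_element(element):
    """Return (network, warning) for one CIDR element of match-clients."""
    try:
        return ipaddress.ip_network(element, strict=True), None
    except ValueError:
        # Host bits are set below the prefix length, e.g. 192.168.24.10/24.
        fixed = ipaddress.ip_network(element, strict=False)
        return None, f"{element}: host bits set; did you mean {fixed}?"

def expand(element, interfaces=LOCAL_INTERFACES):
    """Expand one match-clients element into (networks, warnings)."""
    ifaces = [ipaddress.ip_interface(i) for i in interfaces]
    if element == "localhost":    # addresses of all local interfaces
        return [ipaddress.ip_network(str(i.ip)) for i in ifaces], []
    if element == "localnets":    # networks those interfaces are attached to
        return [i.network for i in ifaces], []
    net, warning = check_element(element)
    return ([net] if net else []), ([warning] if warning else [])

def view_matches(client, match_clients, interfaces=LOCAL_INTERFACES):
    """Return (matched, warnings) for a client address against a match-clients list."""
    addr = ipaddress.ip_address(client)
    matched, warnings = False, []
    for element in match_clients:
        nets, warns = expand(element, interfaces)
        warnings += warns
        matched = matched or any(addr in n for n in nets)
    return matched, warnings

if __name__ == "__main__":
    for acl in (["192.168.24.10/24"], ["192.168.24.0/24"],
                ["localhost", "192.168.24.0/24"], ["localnets"]):
        print(acl, view_matches("127.0.0.1", acl))
```

With these sample interfaces, "localnets" also admits every host on 192.168.24.0/24 and 127.0.0.0/8, which is the "match more than you intend" caveat from the reply.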