Fwd: ip forwarding DNS 9.6.0
Mark Andrews
Mark_Andrews at isc.org
Mon Apr 6 21:17:20 UTC 2009
allow-recursion and allow-query-cache have different defaults.
>From README
New option "allow-query-cache". This lets "allow-query"
be used to specify the default zone access level rather
than having to have every zone override the global value.
"allow-query-cache" can be set at both the options and view
levels. If "allow-query-cache" is not set then "allow-recursion"
is used if set, otherwise "allow-query" is used if set
unless "recursion no;" is set in which case "none;" is used,
otherwise the default (localhost; localnets;) is used.
Mark
In message <CF090150-F1C9-45C7-A4DD-6A5E1C429AE4 at cs.moravian.edu>, myron writes
:
>
> --===============0424927304202673050==
> Content-Type: multipart/alternative; boundary=Apple-Mail-233-881694232
>
>
> --Apple-Mail-233-881694232
> Content-Type: text/plain;
> charset=US-ASCII;
> format=flowed;
> delsp=yes
> Content-Transfer-Encoding: 7bit
>
> I gave the wrong view if that makes the difference. That was the
> internal network.
>
> view "external" {
> match-clients { any; };
> recursion no;
>
> --myron
> =================================
> Myron Kowalski
> MoCoSIN Network/Systems Administrator
> Moravian College
> myron at cs.moravian.edu
>
>
>
> Begin forwarded message:
>
> > From: myron <kowalskM at cs.moravian.edu>
> > Date: April 6, 2009 12:00:55 PM EDT
> > To: bind-users at lists.isc.org
> > Subject: ip forwarding DNS 9.6.0
> >
> > I upgraded from 9.2.3.
> >
> > I can't seem to do forwarding from a browser.
> >
> > Everything works from 9.2.3. When I swap out to 9.6.0, from a
> > command line I
> > can do: nslookup; ping outside the domain; traceroute outside the
> > domain.
> >
> > From a web browser I can get out if I use the ip address. However,
> > when I
> > put in a canonical name get an rcode 5.
> >
> > There's a barracuda spam firewall in the path. If I take it out,
> > then everything works.
> > There's really nothing to change on the barracuda as far as dns is
> > concerned, other
> > than pointing to a dns server.
> >
> > snoop on the wire:
> > 9.6.0
> > barracuda -> ns DNS C www22.verizon.com. Internet Addr ?
> > ns -> barracuda DNS R Error: 5(Refused)
> >
> > 9.2.3
> > barracuda -> ns DNS C www22.verizon.com. Internet Addr ?
> > ns -> barracuda DNS R www22.verizon.com. Internet CNAME
> > www22.verizon.com.edgekey.net.
> >
> > I glanced through the archives and found some suggestions about
> > recursions to ip forwarding. I think the
> > conf is set up correctly. At least, it works fine with 9.2.3.
> >
> > Here's some of my named.conf edited.
> >
> > acl mylab {
> > 10.0.0.0/8;
> > };
> > options {
> > directory "/etc/dns";
> > auth-nxdomain yes;
> > };
> > view "trusted" {
> > match-clients { mylab; };
> > recursion yes;
> > zone "moravian.edu" in {
> > type forward;
> > forwarders { 10.22.5.32; 10.22.5.38; };
> > };
> >
> > Any help appreciated.
> >
> > --myron
> > =================================
> > Myron Kowalski
> > MoCoSIN Network/Systems Administrator
> > Moravian College
> > myron at cs.moravian.edu
> >
> >
> >
> > _______________________________________________
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
>
>
> --Apple-Mail-233-881694232
> Content-Type: text/html;
> charset=US-ASCII
> Content-Transfer-Encoding: quoted-printable
>
> <html><body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
> -webkit-line-break: after-white-space; ">I gave the wrong view if that =
> makes the difference. That was the internal network.<br><br>view =
> "external" {<br> match-clients { any; };<br> recursion =
> no;<br><div><br class=3D"webkit-block-placeholder"></div><div =
> apple-content-edited=3D"true"> <span class=3D"Apple-style-span" =
> style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
> Helvetica; font-size: 12px; font-style: normal; font-variant: normal; =
> font-weight: normal; letter-spacing: normal; line-height: normal; =
> orphans: 2; text-align: auto; text-indent: 0px; text-transform: none; =
> white-space: normal; widows: 2; word-spacing: 0px; =
> -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: =
> 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
> auto; -webkit-text-stroke-width: 0; "><div style=3D"word-wrap: =
> break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
> after-white-space; =
> "><div><div>--myron</div><div>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</div><div>Myron =
> Kowalski</div><div>MoCoSIN Network/Systems =
> Administrator</div><div>Moravian College</div><div><a =
> href=3D"mailto:myron at cs.moravian.edu">myron at cs.moravian.edu</a></div><div>=
> <br></div></div></div></span><br class=3D"Apple-interchange-newline"> =
> </div><div><br><div>Begin forwarded message:</div><br =
> class=3D"Apple-interchange-newline"><blockquote type=3D"cite"><div><div =
> style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
> margin-left: 0px; "><font face=3D"Helvetica" size=3D"3" color=3D"#000000" =
> style=3D"font: 12.0px Helvetica; color: #000000"><b>From: =
> </b></font><font face=3D"Helvetica" size=3D"3" style=3D"font: 12.0px =
> Helvetica">myron <<a =
> href=3D"mailto:kowalskM at cs.moravian.edu">kowalskM at cs.moravian.edu</a>></fo=
> nt></div><div style=3D"margin-top: 0px; margin-right: 0px; =
> margin-bottom: 0px; margin-left: 0px; "><font face=3D"Helvetica" =
> size=3D"3" color=3D"#000000" style=3D"font: 12.0px Helvetica; color: =
> #000000"><b>Date: </b></font><font face=3D"Helvetica" size=3D"3" =
> style=3D"font: 12.0px Helvetica">April 6, 2009 12:00:55 PM =
> EDT</font></div><div style=3D"margin-top: 0px; margin-right: 0px; =
> margin-bottom: 0px; margin-left: 0px; "><font face=3D"Helvetica" =
> size=3D"3" color=3D"#000000" style=3D"font: 12.0px Helvetica; color: =
> #000000"><b>To: </b></font><font face=3D"Helvetica" size=3D"3" =
> style=3D"font: 12.0px Helvetica"><a =
> href=3D"mailto:bind-users at lists.isc.org">bind-users at lists.isc.org</a></fon=
> t></div><div style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: =
> 0px; margin-left: 0px; "><font face=3D"Helvetica" size=3D"3" =
> color=3D"#000000" style=3D"font: 12.0px Helvetica; color: =
> #000000"><b>Subject: </b></font><font face=3D"Helvetica" size=3D"3" =
> style=3D"font: 12.0px Helvetica"><b>ip forwarding DNS =
> 9.6.0</b></font></div><div style=3D"margin-top: 0px; margin-right: 0px; =
> margin-bottom: 0px; margin-left: 0px; min-height: 14px; "><br></div> =
> </div><div>I upgraded from 9.2.3.<br><br>I can't seem to do forwarding =
> from a browser.<br><br>Everything works from 9.2.3. When I swap out to =
> 9.6.0, from a command line I<br>can do: nslookup; ping outside the =
> domain; traceroute outside the domain.<br><br>=46rom a web browser I can =
> get out if I use the ip address. However, when I<br>put in a canonical =
> name get an rcode 5.<br><br>There's a barracuda spam firewall in the =
> path. If I take it out, then everything works.<br>There's really nothing =
> to change on the barracuda as far as dns is concerned, other<br>than =
> pointing to a dns server.<br><br>snoop on the =
> wire:<br>9.6.0<br>barracuda -> ns DNS C =
> www22.verizon.com. Internet Addr ?<br> ns -> barracuda DNS R =
> Error: 5(Refused)<br><br>9.2.3<br>barracuda -> ns =
> DNS C www22.verizon.com. Internet Addr ?<br> =
> ns -> barracuda DNS R www22.verizon.com. Internet CNAME =
> www22.verizon.com.edgekey.net.<br><br>I glanced through the archives and =
> found some suggestions about recursions to ip forwarding. I think =
> the<br>conf is set up correctly. At least, it works fine with =
> 9.2.3.<br><br>Here's some of my named.conf edited.<br><br>acl mylab =
> {<br> 10.0.0.0/8;<br>};<br>options =
> {<br> directory =
> "/etc/dns";<br> =
> auth-nxdomain =
> yes;<br>};<br>view "trusted" {<br> match-clients { mylab; =
> };<br> recursion yes;<br> zone "moravian.edu" in {<br> =
> type forward;<br> =
> forwarders { 10.22.5.32; 10.22.5.38; =
> };<br> };<br><br>Any help =
> appreciated.<br><br>--myron<br>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D<br>Myron =
> Kowalski<br>MoCoSIN Network/Systems Administrator<br>Moravian =
> College<br><a =
> href=3D"mailto:myron at cs.moravian.edu">myron at cs.moravian.edu</a><br><br><br=
> ><br>_______________________________________________<br>bind-users =
> mailing =
> list<br>bind-users at lists.isc.org<br>https://lists.isc.org/mailman/listinfo=
> /bind-users<br></div></blockquote></div><br></body></html>=
>
> --Apple-Mail-233-881694232--
>
> --===============0424927304202673050==
> Content-Type: text/plain; charset="us-ascii"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> --===============0424927304202673050==--
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list