ip forwarding DNS 9.6.0

myron kowalskM at cs.moravian.edu
Tue Apr 7 12:05:36 UTC 2009


I started reading up on Kirk's suggestions of the allow-*** settings.
In the global options level I put
options {
         directory       "/etc/dns";
         allow-query-cache { any; };
         allow-query { any; };
         auth-nxdomain   yes;
};

and that definitely worked. By no means do I understand the paragraph
below from the README. I need to mull over it for a while and determine
where the options should go, whether globally or in a view, and whether
"any" is the right setting.

Thanks for all the help.

--myron
=================================
Myron Kowalski
MoCoSIN Network/Systems Administrator
Moravian College
myron at cs.moravian.edu



On Apr 6, 2009, at 5:17 PM, Mark Andrews wrote:

>
> 	allow-recursion and allow-query-cache have different defaults.
>
> From README
>
>        New option "allow-query-cache".  This lets "allow-query"
>        be used to specify the default zone access level rather
>        than having to have every zone override the global value.
>        "allow-query-cache" can be set at both the options and view
>        levels.  If "allow-query-cache" is not set then "allow-recursion"
>        is used if set, otherwise "allow-query" is used if set
>        unless "recursion no;" is set in which case "none;" is used,
>        otherwise the default (localhost; localnets;) is used.
>
>
> 	Mark
>
> In message <CF090150-F1C9-45C7-A4DD-6A5E1C429AE4 at cs.moravian.edu>, myron writes:
>>
>> I gave the wrong view if that makes the difference. That was the
>> internal network.
>>
>> view "external" {
>>  match-clients { any; };
>>  recursion no;
>>
>> --myron
>> =================================
>> Myron Kowalski
>> MoCoSIN Network/Systems Administrator
>> Moravian College
>> myron at cs.moravian.edu
>>
>>
>>
>> Begin forwarded message:
>>
>>> From: myron <kowalskM at cs.moravian.edu>
>>> Date: April 6, 2009 12:00:55 PM EDT
>>> To: bind-users at lists.isc.org
>>> Subject: ip forwarding DNS 9.6.0
>>>
>>> I upgraded from 9.2.3.
>>>
>>> I can't seem to do forwarding from a browser.
>>>
>>> Everything works from 9.2.3. When I swap out to 9.6.0, from a command line I
>>> can do: nslookup; ping outside the domain; traceroute outside the domain.
>>>
>>> From a web browser I can get out if I use the ip address. However, when I
>>> put in a canonical name I get an rcode 5.
>>>
>>> There's a barracuda spam firewall in the path. If I take it out, then
>>> everything works. There's really nothing to change on the barracuda as far
>>> as dns is concerned, other than pointing to a dns server.
>>>
>>> snoop on the wire:
>>> 9.6.0
>>> barracuda -> ns     DNS C www22.verizon.com. Internet Addr ?
>>>  ns -> barracuda DNS R  Error: 5(Refused)
>>>
>>> 9.2.3
>>> barracuda -> ns     DNS C www22.verizon.com. Internet Addr ?
>>>  ns -> barracuda DNS R www22.verizon.com. Internet CNAME www22.verizon.com.edgekey.net.
>>>
>>> I glanced through the archives and found some suggestions about recursions
>>> to ip forwarding. I think the conf is set up correctly. At least, it works
>>> fine with 9.2.3.
>>>
>>> Here's some of my named.conf edited.
>>>
>>> acl mylab {
>>>      10.0.0.0/8;
>>> };
>>> options {
>>>      directory       "/etc/dns";
>>>      auth-nxdomain   yes;
>>> };
>>> view "trusted" {
>>> match-clients { mylab; };
>>> recursion yes;
>>> zone "moravian.edu" in {
>>>      type forward;
>>>      forwarders { 10.22.5.32; 10.22.5.38; };
>>> };
>>>
>>> Any help appreciated.
>>>
>>> --myron
>>> =================================
>>> Myron Kowalski
>>> MoCoSIN Network/Systems Administrator
>>> Moravian College
>>> myron at cs.moravian.edu
>>>
>>>
>>>
>>> _______________________________________________
>>> bind-users mailing list
>>> bind-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>>
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
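
Added example (not part of the original thread, and not ISC's code): the fallback order from the README paragraph quoted above, modelled in Python and applied to the two views shown in this thread. The dictionary layout, the function names and the view-scoped `mylab` variant are assumptions for illustration; the model also assumes that a view-level statement overrides the options-level one and that "recursion no;" is checked before any fallback to allow-query.

```python
# Added example: a model of the README's "allow-query-cache" fallback order.
# ACLs are kept as plain strings; this does not parse named.conf.
DEFAULT_ACL = "localhost; localnets;"

def setting(name, options, view):
    """Assumption: a view-level value overrides the options-level one."""
    return view.get(name, options.get(name))

def effective_query_cache_acl(options, view):
    """Return the ACL that ends up governing answers from the cache."""
    explicit = setting("allow-query-cache", options, view)
    if explicit is not None:
        return explicit
    recursion_acl = setting("allow-recursion", options, view)
    if recursion_acl is not None:
        return recursion_acl
    # Assumption: "recursion no;" wins over an allow-query fallback.
    if setting("recursion", options, view) == "no":
        return "none;"
    query_acl = setting("allow-query", options, view)
    if query_acl is not None:
        return query_acl
    return DEFAULT_ACL

def report(options, views):
    return {name: effective_query_cache_acl(options, v) for name, v in views.items()}

# The two views quoted in the thread (only the statements shown there).
VIEWS = {
    "trusted": {"match-clients": "mylab;", "recursion": "yes"},
    "external": {"match-clients": "any;", "recursion": "no"},
}
ORIGINAL_OPTIONS = {}  # no allow-* statements, as first posted
CHANGED_OPTIONS = {"allow-query-cache": "any;", "allow-query": "any;"}
# Hypothetical alternative: scope the statement to the trusted view only.
SCOPED_VIEWS = {**VIEWS, "trusted": {**VIEWS["trusted"], "allow-query-cache": "mylab;"}}

if __name__ == "__main__":
    for label, opts, views in [
        ("as first posted", ORIGINAL_OPTIONS, VIEWS),
        ("global any", CHANGED_OPTIONS, VIEWS),
        ("view-scoped mylab", ORIGINAL_OPTIONS, SCOPED_VIEWS),
    ]:
        print(label, report(opts, views))
```

Under this model the configuration as first posted leaves the trusted view on the default (localhost; localnets;), while a global `any` also reaches the external view, because an explicitly set allow-query-cache is consulted before "recursion no;".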



