Odd config problem

Hans Vallden hans at vallden.com
Mon May 18 09:30:14 UTC 2009


Hello all,

I use the secure BIND template by Rob Thomas (http://www.cymru.com/Documents/secure-bind-template.html).
I have had a peculiar problem with this template conf, which I have
not been able to resolve. My problem is that some slave zones return
REFUSED when queried from the external view for ANY records while
others return the expected values. For example:

dig @194.86.83.21 ruoka.fi ANY

returns nothing, but when queried from master zone:

dig @194.86.83.27 ruoka.fi ANY

returns expected values.  Furthermore, a seemingly identical zone (see  
complete zone configs below) for another domain returns expected  
values from both servers:

dig @194.86.83.21 tri.fi ANY <- slave
dig @194.86.83.27 tri.fi ANY <- master

I have so far figured out that changing the external view
configuration options 'additional-from-auth' and
'additional-from-cache' both to 'yes' will cure the problem. However,
I don't see the logic and I take it that's not really a desirable cure
either. :) My BIND version is 9.4.3.

Cheers,


$ORIGIN .
$TTL 38400	; 10 hours 40 minutes
tri.fi			IN SOA	ns.kirnauskis.com. hostmaster.kirnauskis.com. (
				1146160445 ; serial
				10800      ; refresh (3 hours)
				3600       ; retry (1 hour)
				604800     ; expire (1 week)
				38400      ; minimum (10 hours 40 minutes)
				)
			NS	ns.kirnauskis.com.
			NS	ns2.kirnauskis.com.
			MX	0 smtp.kirnauskis.com.
			TXT	"v=spf1 mx ip4:194.86.83.27 ip4:194.86.83.28 ip4:194.86.83.30 ip4:194.86.83.31 ip4:194.86.83.32 -all"
$ORIGIN tri.fi.
www			A	194.86.83.31

$ORIGIN .
$TTL 38400	; 10 hours 40 minutes
ruoka.fi		IN SOA	ns.kirnauskis.com. hostmaster.kirnauskis.com. (
				2004090608 ; serial
				10800      ; refresh (3 hours)
				3600       ; retry (1 hour)
				432000     ; expire (5 days)
				38400      ; minimum (10 hours 40 minutes)
				)
			NS	ns.kirnauskis.com.
			NS	ns2.kirnauskis.com.
			MX	0 smtp.kirnauskis.com.
			TXT	"v=spf1 ~all"
$ORIGIN ruoka.fi.
www			A	194.86.83.32

--
Hans Vallden
hans at vallden.com
skype: hans.vallden





