Issue with recursion in a view

Barry Margolin barmar at alum.mit.edu
Wed Jul 21 03:41:17 UTC 2010


In article <mailman.19.1279633805.15649.bind-users at lists.isc.org>,
 James Chase <chase1124 at gmail.com> wrote:

> Hi,
> 
> I have two views, one for a specific range of 8 IPs on the internet and one
> view for "any" including internal servers. In my main named.conf I have
> allowed recursion to specific hosts, including all of the hosts in both
> views (which are specified using ACLs).
> 
> I can use recursion on this server from any of the IPs which are in the
> default view (matching "any" IP) but the IPs in the other view (the 8 IPs
> on the internet) do not work. It doesn't give me an access denied message in
> dig, it just times out. I have tested this by taking the 8 IPs out of the
> view and then they do recursion just fine. I have also tried adding the
> allow recursion line with specific IPs to the view where recursion doesn't
> work but this did not help.
> 
> Adding to the interest is that I have a second DNS server (the master
> server) on the same network with the same ACL and views setup and behind the
> same external firewall, with the same rules on the external firewall and the
> internal firewall where recursion works just fine! Also the two servers are
> clones of each other.
> 
> I'm on the 64-bit version of CentOS 5.5 with bind package:
> 
> bind-9.3.6-4.P1.el5_4.2
> bind-chroot-9.3.6-4.P1.el5_4.2
> 
> Thanks,
> James

Can the clients make non-recursive queries to the server?

If you're getting a timeout, it sounds like a firewall is blocking the 
queries and/or the replies, and it doesn't seem like that would be 
specific to recursive queries.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
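
The two-probe check suggested in the reply above (compare a normal query with a non-recursive one), as an added example that is not part of the original thread: it classifies captured `dig` output and combines both results into a diagnosis. The function names and result tokens are hypothetical, and every sample output is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). All dig output below is constructed.
# Live use: dig @SERVER NAME | classify_dig
#           dig +norecurse @SERVER NAME | classify_dig

# classify_dig: read captured dig output on stdin and print one token.
classify_dig() {
    dig_out=$(cat)
    case "$dig_out" in
        *"timed out"*)                             echo timeout ;;
        *"status: REFUSED"*)                       echo refused ;;
        *"recursion requested but not available"*) echo norecursion ;;
        *"status: NOERROR"*)                       echo answered ;;
        *)                                         echo other ;;
    esac
}

# diagnose REC NOREC: combine the result of a normal (recursive) query with
# the result of the same query sent with +norecurse.
diagnose() {
    case "$1/$2" in
        timeout/timeout)         echo path ;;       # no reply either way: firewall or route, not recursion
        timeout/*)               echo resolution ;; # server reachable; only the recursive lookup stalls
        refused/*|norecursion/*) echo policy ;;     # named replied and declined: an ACL matched
        answered/*)              echo ok ;;
        *)                       echo unknown ;;
    esac
}

# Constructed samples in the shape dig prints.
SAMPLE_TIMEOUT=';; connection timed out; no servers could be reached'
SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0'
SAMPLE_NORA=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
;; WARNING: recursion requested but not available'
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4244
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0'

# The symptom from the thread: both probes time out.
rec=$(printf '%s\n' "$SAMPLE_TIMEOUT" | classify_dig)
norec=$(printf '%s\n' "$SAMPLE_TIMEOUT" | classify_dig)
echo "recursive=$rec non-recursive=$norec diagnosis=$(diagnose "$rec" "$norec")"
```

A `policy` result means named itself replied, so the packets are getting through; a `path` result means no reply arrived for either query type, which is the case the reply attributes to a firewall.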


