query cache denied in view statement
David S.
david at pnyet.web.id
Sun Sep 26 21:58:14 UTC 2010
I've removed "additional-from-cache" and restarted bind; below is part of
named.conf:
options {
    directory "/var/named";
    allow-transfer { "xfer"; };
    pid-file "named.pid";
    listen-on port 53 { any; };
    statistics-file "named.stats";
    memstatistics-file "named.memstats";
    dump-file "named.dump";
    zone-statistics yes;
    notify no;
    transfer-format many-answers;
    max-transfer-time-in 100;
    interface-interval 0;
    allow-query { "trusted"; };
    blackhole { bogon; };
};
view "mynetwork" in {
    match-clients { "trusted"; };
    recursion no;
    allow-transfer { "xfer"; };
};
view "internet" in {
    match-clients { any; };
    recursion no;
    allow-transfer { "xfer"; };
};

# tail -f /var/log/named/audit.log
28-Sep-2010 04:50:05.012 security: info: client 127.0.0.1#53517: view mynetwork: query (cache) 'yahoo.com/A/IN' denied
28-Sep-2010 04:56:22.653 security: info: client 127.0.0.1#34194: view mynetwork: query (cache) 'kiputih.com/A/IN' denied

--
Best regards,
David
http://blog.pnyet.web.id
On 09/27/2010 04:36 AM, Phil Mayers wrote:
> On 09/26/2010 09:25 PM, David S. wrote:
>> Dear All,
>>
>> I had a problem when trying to use the "view" class in my named.conf; please
>> see the attached file and my query log below:
>
> You've set "additional-from-cache" but not "allow-query-cache" ACL.
> The default has everyone denied.
>
> Do you need to set "additional-from-cache"?
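
Added example (not part of the original thread): a small Python triage script for the "query (cache) ... denied" lines shown in the audit.log excerpt. It rejoins mail-wrapped records and counts denials per view and client. The sample log is constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the format of the audit.log excerpt above, including
# the line wrap after "view" (addresses and names are made up).
SAMPLE_LOG = """\
28-Sep-2010 04:50:05.012 security: info: client 192.0.2.10#53517: view
mynetwork: query (cache) 'example.com/A/IN' denied
28-Sep-2010 04:50:07.440 security: info: client 192.0.2.10#40112: view mynetwork: query (cache) 'example.net/MX/IN' denied
28-Sep-2010 04:51:30.901 security: info: client 198.51.100.7#34194: view
internet: query (cache) 'example.org/A/IN' denied
28-Sep-2010 04:52:00.000 general: info: zone example.com/IN: loaded serial 1
"""

# A record starts with a timestamp; anything else is a wrapped continuation.
STAMP = re.compile(r"^\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} ")
# Matches only the log layout shown in this thread; the view part is optional
# so that the same pattern also fits a server configured without views.
DENIED = re.compile(
    r"^(?P<ts>\S+ \S+) security: info: client (?P<ip>[^#\s]+)#(?P<port>\d+): "
    r"(?:view (?P<view>\S+): )?query \(cache\) "
    r"'(?P<qname>[^/']+)/(?P<qtype>[^/']+)/(?P<qclass>[^/']+)' denied$"
)

def unwrap(text):
    """Rejoin records split across lines by a mail client or pager."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def denied_cache_queries(text):
    """Return one dict per 'query (cache) ... denied' record."""
    return [m.groupdict() for m in map(DENIED.match, unwrap(text)) if m]

def summarize(events):
    """Count denials per (view, client address)."""
    return Counter((e["view"], e["ip"]) for e in events)

if __name__ == "__main__":
    for (view, ip), n in summarize(denied_cache_queries(SAMPLE_LOG)).most_common():
        print(f"view={view} client={ip} denied_cache_queries={n}")
```

Grouping by view shows which match-clients block a denied client actually landed in, which is the first thing to confirm when a view-based ACL behaves unexpectedly.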