query cache denied in vew statement
Barry Margolin
barmar at alum.mit.edu
Sun Sep 26 23:09:38 UTC 2010
In article <mailman.146.1285538312.555.bind-users at lists.isc.org>,
"David S." <david at pnyet.web.id> wrote:
> I've removed "additional-from-cache" and restart bind, below part of
> named.conf
You still haven't added 'allow-query-cache { "trusted};};'.
>
> options {
> directory "/var/named";
> allow-transfer { "xfer"; };
> pid-file "named.pid";
> listen-on port 53 { any; };
> statistics-file "named.stats";
> memstatistics-file "named.memstats";
> dump-file "named.dump";
> zone-statistics yes;
> notify no;
> transfer-format many-answers;
> max-transfer-time-in 100;
> interface-interval 0;
> allow-query { "trusted"; };
> blackhole { bogon; };
> };
>
> view "mynetwork" in {
> match-clients {"trusted"; };
> recursion no;
> allow-transfer { "xfer"; };
> };
>
> view "internet" in {
> match-clients { any; };
> recursion no;
> allow-transfer { "xfer"; };
>
>
> # tail -f /var/log/named/audit.log
>
> 28-Sep-2010 04:50:05.012 security: info: client 127.0.0.1#53517: view
> mynetwork: query (cache) 'yahoo.com/A/IN' denied
> 28-Sep-2010 04:56:22.653 security: info: client 127.0.0.1#34194: view
> mynetwork: query (cache) 'kiputih.com/A/IN' denied
>
>
> -
> --
> Best regards,
> David
> http://blog.pnyet.web.id
>
>
> On 09/27/2010 04:36 AM, Phil Mayers wrote:
> > On 09/26/2010 09:25 PM, David S. wrote:
> >> Dear All,
> >>
> >> I had problem when trying to use "view" class on my named.conf, please
> >> see attached file and below my query log:
> >
> > You've set "additional-from-cache" but not "allow-query-cache" ACL.
> > The default has everyone denied.
> >
> > Do you need to set "additional-from-cache"?
> > _______________________________________________
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> >
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
More information about the bind-users
mailing list