query cache denied in vew statement

Barry Margolin barmar at alum.mit.edu
Sun Sep 26 23:09:38 UTC 2010 

In article <mailman.146.1285538312.555.bind-users at lists.isc.org>,
 "David S." <david at pnyet.web.id> wrote:

> I've removed "additional-from-cache" and restart bind, below part of
> named.conf

You still haven't added 'allow-query-cache { "trusted};};'.

> 
> options {
>         directory "/var/named";
>         allow-transfer { "xfer"; };
>         pid-file "named.pid";
>         listen-on port 53 { any; };
>         statistics-file "named.stats";
>         memstatistics-file "named.memstats";
>         dump-file "named.dump";
>         zone-statistics yes;
>         notify no;
>         transfer-format many-answers;
>         max-transfer-time-in 100;
>         interface-interval 0;
>         allow-query { "trusted"; };
>         blackhole { bogon; };
> };
> 
> view "mynetwork" in {
>         match-clients {"trusted"; };
>         recursion no;
>         allow-transfer { "xfer"; };
> };
> 
> view "internet" in {
>         match-clients { any; };
>         recursion no;
>         allow-transfer  { "xfer"; };
> 
> 
> # tail -f /var/log/named/audit.log
> 
> 28-Sep-2010 04:50:05.012 security: info: client 127.0.0.1#53517: view
> mynetwork: query (cache) 'yahoo.com/A/IN' denied
> 28-Sep-2010 04:56:22.653 security: info: client 127.0.0.1#34194: view
> mynetwork: query (cache) 'kiputih.com/A/IN' denied
> 
> 
> -
> --
> Best regards,
> David
> http://blog.pnyet.web.id
> 
> 
> On 09/27/2010 04:36 AM, Phil Mayers wrote:
> > On 09/26/2010 09:25 PM, David S. wrote:
> >> Dear All,
> >>
> >> I had problem when trying to use "view" class on my named.conf, please
> >> see attached file and below my query log:
> >
> > You've set "additional-from-cache" but not "allow-query-cache" ACL.
> > The default has everyone denied.
> >
> > Do you need to set "additional-from-cache"?
> > _______________________________________________
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> >

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***

More information about the bind-users mailing list