Views and no answers ...

Thomas Schweikle tps at vr-web.de
Mon Jul 25 14:24:32 UTC 2011


Hi!

I have set up a view for one site. It is bound to change answers as
necessary for different IP-ranges. It works as far as I could see.
But with one IP range there is a problem ...

I can query internal addresses:
!user at kvm2~# host intweb.example.de
!web.example.de has address 192.168.180.46

But external ones do not work:
!user at kvm2:~# host google.com
!user at kvm2:~#

The host I am trying on has address 192.168.112.4 and I've set up my
view as:
!view "ex" {
!        match-clients { 192.168.112.0/23; };
!        recursion yes;
!
!        include "/etc/named/master/rootns.conf";
!        include "/etc/named/master/localhost.conf";
!        include "/etc/named/master/empty.conf";
!
!        zone "example.de." {
!                type master;
!                allow-transfer { key "mskey"; };
!                notify no;
!                file "/etc/named/zhz/fwd.example";
!        };
!        zone "112.168.192.in-addr.arpa." {
!                type master;
!                allow-transfer { key "mskey"; };
!                notify no;
!                file "/etc/named/zin/rev.192.168.1";
!        };
!};

!view "in" {
!        match-clients { 192.168.180.0/23; };
!        recursion yes;
!
!        include "/etc/named/master/rootns.conf";
!        include "/etc/named/master/localhost.conf";
!        include "/etc/named/master/empty.conf";
!
!        zone "example.de." {
!                type master;
!                allow-transfer { key "mskey"; };
!                notify no;
!                file "/etc/named/zhz/fwd.example";
!        };
!        zone "112.168.192.in-addr.arpa." {
!                type master;
!                allow-transfer { key "mskey"; };
!                notify no;
!                file "/etc/named/zin/rev.192.168.1";
!        };
!};

Any idea why the server resolves internal names, but not external
ones, for view "ex", while it does answer internal and external names
for view "in"?
I've set up query logging, but this just tells me queries are
correctly processed, not why no answer was sent.

In the server logs I can watch queries from 192.168.180.0/23 tagged
with "in" and those from 192.168.112.0/23 with "ex". Addresses
defined by my server are served to both clients "in" and "ex".
Addresses from others like google.com are only served to clients
from "in", not to clients from "ex" (server answers NXDOMAIN).


-- 
Thomas
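
How named assigns a client address to a view, as an added example that is not part of the original post: it parses the match-clients lists from a trimmed, constructed copy of the configuration above and applies first-match order. The helper names parse_views and select_view are hypothetical, and only plain CIDR entries are handled (no ACL names, keys or negation).

```python
import ipaddress
import re

# Constructed sample: the two views from the post, trimmed to the lines
# that decide view selection (include and zone statements omitted).
NAMED_CONF = '''
view "ex" {
        match-clients { 192.168.112.0/23; };
        recursion yes;
};
view "in" {
        match-clients { 192.168.180.0/23; };
        recursion yes;
};
'''

# Captures the view name and the body of its match-clients list.
VIEW_RE = re.compile(
    r'view\s+"([^"]+)"\s*\{\s*match-clients\s*\{([^}]*)\}', re.S)


def parse_views(conf):
    """Return [(view_name, [ip_network, ...]), ...] in configuration order."""
    views = []
    for name, acl in VIEW_RE.findall(conf):
        # strict=True rejects prefixes with host bits set (e.g. 192.168.113.0/23).
        nets = [ipaddress.ip_network(entry.strip(), strict=True)
                for entry in acl.split(";") if entry.strip()]
        views.append((name, nets))
    return views


def select_view(views, client):
    """The first view whose match-clients contains the client wins, as in named.
    None means no view matched; named refuses such queries."""
    addr = ipaddress.ip_address(client)
    for name, nets in views:
        if any(addr in net for net in nets):
            return name
    return None


if __name__ == "__main__":
    views = parse_views(NAMED_CONF)
    for client in ("192.168.112.4", "192.168.113.200",
                   "192.168.181.9", "192.168.114.1"):
        print(f"{client:16} -> {select_view(views, client)}")
```

Each /23 spans two /24 networks, so 192.168.113.x clients also land in "ex" and 192.168.181.x clients in "in".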


