Views and no answers ...

Bob bob at bjerremose.com
Wed Jul 27 23:18:23 UTC 2011


These two views are identical in every way I can see, so the fault may be 
in an included configuration file that is not included in your message.

Look for allow-query, allow-recursion or allow-cache statements in your 
other config files.

When using views, I often find it more manageable to move such options 
inside the view definition.

Mvh. / Regards
Bob

On 2011-07-25 16:24, Thomas Schweikle wrote:
> Hi!
>
> I have set up a view for one site. It is bound to change answers as
> necessary for different IP-ranges. It works as far as I could see.
> But with one IP-range there is a problem ...
>
> I can query internal addresses:
> !user at kvm2~# host intweb.example.de
> !web.example.de has address 192.168.180.46
>
> But external ones do not work:
> !user at kvm2:~# host google.com
> !user at kvm2:~#
>
> The host I am trying on has address 192.168.112.4 and I've set up my
> view as:
> !view "ex" {
> !        match-clients { 192.168.112.0/23; };
> !        recursion yes;
> !
> !        include "/etc/named/master/rootns.conf";
> !        include "/etc/named/master/localhost.conf";
> !        include "/etc/named/master/empty.conf";
> !
> !        zone "example.de." {
> !                type master;
> !                allow-transfer { key "mskey"; };
> !                notify no;
> !                file "/etc/named/zhz/fwd.example";
> !        };
> !        zone "112.168.192.in-addr.arpa." {
> !                type master;
> !                allow-transfer { key "mskey"; };
> !                notify no;
> !                file "/etc/named/zin/rev.192.168.1";
> !        };
> !};
>
> !view "in" {
> !        match-clients { 192.168.180.0/23; };
> !        recursion yes;
> !
> !        include "/etc/named/master/rootns.conf";
> !        include "/etc/named/master/localhost.conf";
> !        include "/etc/named/master/empty.conf";
> !
> !        zone "example.de." {
> !                type master;
> !                allow-transfer { key "mskey"; };
> !                notify no;
> !                file "/etc/named/zhz/fwd.example";
> !        };
> !        zone "112.168.192.in-addr.arpa." {
> !                type master;
> !                allow-transfer { key "mskey"; };
> !                notify no;
> !                file "/etc/named/zin/rev.192.168.1";
> !        };
> !};
>
> Any idea why the server resolves internal names, but no external
> ones to view "ex", while it does answer internal and external names
> to view "in"?
> I've set up query logging, but this just tells me queries are
> correctly processed. But not why no answer was sent.
>
> In the server logs I can watch queries from 192.168.180.0/23 tagged
> with "in" and those from 192.168.112.0/23 with "ex". Addresses
> defined by my server are served to both clients "in" and "ex".
> Addresses from others like google.com are only served to clients
> from "in" not to clients from "ex" (server answers NXDOMAIN).
>
>
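
One way to carry out the search suggested in the reply, as an added example that is not part of either poster's message: follow every include from the main file and list each allow-query, allow-recursion or allow-query-cache statement (the last is the BIND 9 option controlling access to cached answers) with the view it applies to. The `root` parameter and the sample files are constructed for illustration; nested braces inside a match list and relative include paths are not handled.

```python
import re, tempfile
from pathlib import Path

# allow-query-cache is matched too: it is the BIND 9 option that gates cached answers.
TOKEN = re.compile(r'\binclude\s+"([^"]+)"|(?<![-\w])view\s+"([^"]+)"'
                   r'|\b(allow-(?:query-cache|query|recursion))\s*\{([^}]*)\}|([{}])')
COMMENT = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

def find_acl_statements(conf, root, view=None, stack=()):
    """List (file, line, scope, option, match list) for ACL options reachable from conf."""
    path = Path(root) / conf.lstrip("/")   # root: hypothetical chroot-style prefix
    if path in stack or not path.is_file():      # include loop or missing file
        return []
    # Blank out comments but keep newlines so reported line numbers stay correct.
    text = COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), path.read_text())
    hits, depth, view_depth, pending = [], 0, None, None
    for m in TOKEN.finditer(text):
        inc, vname, opt, acl, brace = m.groups()
        if inc:                                  # an include inherits the current scope
            hits += find_acl_statements(inc, root, view, stack + (path,))
        elif vname:
            pending = vname                      # the view body starts at the next "{"
        elif opt:
            line = text.count("\n", 0, m.start()) + 1
            hits.append((conf, line, view or "global", opt, " ".join(acl.split())))
        elif brace == "{":
            depth += 1
            if pending:
                view, view_depth, pending = pending, depth, None
        else:
            if depth == view_depth:              # closing brace of the current view
                view, view_depth = None, None
            depth -= 1
    return hits

# Constructed sample tree (not the poster's files): one ACL sits in an included file.
SAMPLE = {
    "etc/named.conf": 'include "/etc/named/options.conf";\nview "ex" {\n'
                      '  match-clients { 192.168.112.0/23; };\n  allow-query { any; };\n};\n'
                      'view "in" {\n  match-clients { 192.168.180.0/23; };\n};\n',
    "etc/named/options.conf": 'options {\n  // legacy\n  allow-recursion { 192.168.180.0/23; };\n};\n',
}

def demo():
    with tempfile.TemporaryDirectory() as root:
        for name, body in SAMPLE.items():
            p = Path(root, name)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(body)
        return find_acl_statements("/etc/named.conf", root)
```

On a live server, call `find_acl_statements("/etc/named.conf", "/")` with the path of the main configuration file; a "global" hit is one that applies to every view that does not override it.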


