view
Steven Carr
sjcarr at gmail.com
Thu Oct 3 21:39:42 UTC 2013
So the reason it's failing is because you don't have a view configured
for the zones contained in /etc/bind/named.conf.default-zones. If you
implement views then all zones must be added to a view.
Edit the /etc/bind/named.conf.default-zones file and insert in the
view statements e.g.
view "internal" {
at the top of the file and an extra closing bracket at the bottom
};
Steve
On 3 October 2013 22:06, Paweł Ch. <pch0317 at gmail.com> wrote:
> When I copy named.conf.default-zones inside the "dmz" view in named.conf.local
> then named started, but there is a problem with requests for zones other than
> those this server is authoritative for:
> Served by:
> - M.ROOT-SERVERS.NET
> - A.ROOT-SERVERS.NET
> .
> .
> Is it ok?
>
> My conf files are:
>
> # cat named.conf
> // This is the primary configuration file for the BIND DNS server named.
> //
> // Please read /usr/share/doc/bind9/README.Debian.gz for information on the
> // structure of BIND configuration files in Debian, *BEFORE* you customize
> // this configuration file.
> //
> // If you are just adding zones, please do that in /etc/bind/named.conf.local
>
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
>
> ------------------------------------------------------------------------------
> # cat named.conf.options
> acl dmz { 10.0.0.0/24; };
>
> options {
> allow-query { any; };
> allow-query-cache { any; };
> directory "/var/cache/bind";
> notify no;
> recursion no;
>
> // If there is a firewall between you and nameservers you want
> // to talk to, you may need to fix the firewall to allow multiple
> // ports to talk. See http://www.kb.cert.org/vuls/id/800113
>
> // If your ISP provided one or more IP addresses for stable
> // nameservers, you probably want to use them as forwarders.
> // Uncomment the following block, and insert the addresses replacing
> // the all-0's placeholder.
>
> // forwarders {
> // 0.0.0.0;
> // };
>
> auth-nxdomain no; # conform to RFC1035
> listen-on-v6 { any; };
>
> rrset-order {
> class IN type A name "aaaaaaaaaaaaa" order fixed;
> class IN type A name "aaaaaaaaaaaaa" order fixed;
> class IN type A name "aaaaaaaaaaaaa" order fixed;
> class IN type A name "aaaaaaaaaaaaa" order fixed;
> };
> };
>
> logging {
> channel update_debug {
> file "/var/log/update_debug.log" versions 3 size 100k;
> severity debug;
> print-severity yes;
> print-time yes;
> };
> channel security_info {
> file "/var/log/security_info.log" versions 1 size 100k;
> severity info;
> print-severity yes;
> print-time yes;
> };
> channel bind_log {
> file "/var/log/bind.log" versions 3 size 1m;
> severity info;
> print-category yes;
> print-severity yes;
> print-time yes;
> };
>
> category default { bind_log; };
> category lame-servers { null; };
> category update { update_debug; };
> category update-security { update_debug; };
> category security { security_info; };
> };
>
> ------------------------------------------------------------------------------
> # cat named.conf.local
> //
> // Do any local configuration here
> //
>
> // Consider adding the 1918 zones here, if they are not used in your
> // organization
> //include "/etc/bind/zones.rfc1918";
>
> view "dmz" {
>
> zone "aaaaaaaaaaaaa"
> {
> type master;
> file "/etc/bind/db.aaaaaaaaaaaaa";
> allow-query { any; };
> allow-transfer { a.a.a.a; a.a.a.a; };
> };
>
> .
> .
> output omitted
> .
> .
>
> zone "aaaaaaaaaaaaa"
> {
> type master;
> file "/etc/bind/db.aaaaaaaaaaaaa";
> allow-query { any; };
> allow-transfer { a.a.a.a; a.a.a.a; };
> };
> };
>
> ------------------------------------------------------------------------------
> # cat named.conf.default-zones
> // prime the server with knowledge of the root servers
> zone "." {
> type hint;
> file "/etc/bind/db.root";
> };
>
> // be authoritative for the localhost forward and reverse zones, and for
> // broadcast zones as per RFC 1912
>
> zone "localhost" {
> type master;
> file "/etc/bind/db.local";
> };
>
> zone "127.in-addr.arpa" {
> type master;
> file "/etc/bind/db.127";
> };
>
> zone "0.in-addr.arpa" {
> type master;
> file "/etc/bind/db.0";
> };
>
> zone "255.in-addr.arpa" {
> type master;
> file "/etc/bind/db.255";
> };
>
>
>
> On 3 October 2013 19:55, Steven Carr <sjcarr at gmail.com> wrote:
>>
>> Please post your full named.conf config file (you can obfuscate any
>> sensitive information).
>>
>> Steve
>>
>>
>> On 3 October 2013 18:53, Paweł Ch. <pch0317 at gmail.com> wrote:
>> > Hi list
>> >
>> > I have a problem with views in bind9 on Debian 6. I configured the server like
>> > here https://wiki.debian.org/Bind9 and it works. When I add the entry: view
>> > "dmz" { match-clients { 10.0.0.0/24; }; }; bind9 can't start.
>> >
>> > What can I do to solve the problem?
>> >
>> > Thanks
>> >
>> > _______________________________________________
>> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>> > unsubscribe from this list
>> >
>> > bind-users mailing list
>> > bind-users at lists.isc.org
>> > https://lists.isc.org/mailman/listinfo/bind-users
>
>
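The rule stated in the reply at the top of this message (once any view is defined, every zone must sit inside a view), as an added example that is not part of the original thread: a small Python check that splices `include` files in place and reports zones left at the top level. The file contents are constructed samples modelled on the thread's layout, and `expand` and `zones_outside_views` are hypothetical helper names.

```python
import re

# Strings are captured so that "//" or "#" inside quotes is not read as a comment.
COMMENT = re.compile(r'("[^"]*")|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
INCLUDE = re.compile(r'\binclude\s+"([^"]+)"\s*;')
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

def expand(path, files):
    """Strip comments, then splice each included file in at its include line."""
    text = COMMENT.sub(lambda m: m.group(1) or "", files[path])
    return INCLUDE.sub(lambda m: expand(m.group(1), files), text)

def zones_outside_views(path, files):
    """Return the names of top-level zones if the configuration defines any view."""
    depth, stmt, views, stray = 0, [], [], []
    for tok in TOKEN.findall(expand(path, files)):
        if tok == "{":
            depth += 1
        elif tok == "}":
            depth -= 1
        elif depth == 0 and tok == ";":      # end of a top-level statement
            if stmt[:1] == ["view"]:
                views.append(stmt[1].strip('"'))
            elif stmt[:1] == ["zone"]:
                stray.append(stmt[1].strip('"'))
            stmt = []
        elif depth == 0:                     # keyword and name of the statement
            stmt.append(tok)
    return stray if views else []            # without views, top-level zones are fine

# Constructed sample files, modelled on the layout in the thread.
DEFAULT_ZONES = '''
zone "." { type hint; file "/etc/bind/db.root"; };
zone "localhost" { type master; file "/etc/bind/db.local"; };
'''
BROKEN = {
    "named.conf": 'include "named.conf.local";\n'
                  'include "named.conf.default-zones";\n',
    "named.conf.local": '//include "/etc/bind/zones.rfc1918";\n'
                        'view "dmz" { match-clients { 10.0.0.0/24; };\n'
                        '  zone "example.test" { type master; file "db.example"; };\n'
                        '};\n',
    "named.conf.default-zones": DEFAULT_ZONES,
}
# The fix from the reply: wrap the default zones in a view of their own.
FIXED = {**BROKEN, "named.conf.default-zones":
         'view "internal" {' + DEFAULT_ZONES + '};\n'}

if __name__ == "__main__":
    print(zones_outside_views("named.conf", BROKEN),
          zones_outside_views("named.conf", FIXED))
```

On a live server, `named-checkconf` performs this check against the real configuration files.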