Troubleshooting Information

Bob McDonald bmcdonaldjr at gmail.com
Thu Aug 27 16:55:01 UTC 2015


If I set this up as follows, it works.

view bind chaos {
    recursion no;
    allow-query { 127.0.0.1; none; };
    zone  authors.bind ch { type master; database "_builtin authors";  };
    zone hostname.bind ch { type master; database "_builtin hostname"; };
    zone  version.bind ch { type master; database "_builtin version";  };
    zone     id.server ch { type master; database "_builtin id";       };
};

Queries from 127.0.0.1 are answered correctly, queries from anywhere else
are met with a REFUSED reply.

However, the answers show as coming from view "bind" in the statistics.
There is also a view named "_bind" which seems to serve those same zones.
(named won't start if I try to name the view "_bind".)

I can get answers from the zones in view "_bind" if I accept/reject via the
match-clients statement. If I also remove the zones from view "bind", it
returns a SERVFAIL to queries for selected devices in that view of class
chaos. I think I understand this last one.

Setting recursion off does not seem to affect the warning message generated
by omitting the root hints zone for class chaos.

Bob


On Wed, Aug 26, 2015 at 5:50 AM, Bob McDonald <bmcdonaldjr at gmail.com> wrote:

> The warning is issued either way (with or without recursion specified).
> But I see the logic in not needing it if recursion is set to no.
>
> Thanks again,
>
> Bob
>
> On Wed, Aug 26, 2015 at 5:45 AM, Tony Finch <dot at dotat.at> wrote:
>
>> Bob McDonald <bmcdonaldjr at gmail.com> wrote:
>> >
>> > I'd still include the hint zone (as I'm partial to not having
>> > unnecessary warnings on startup).
>>
>> The "recursion no" directive means you shouldn't have a hint zone in that
>> view. (I don't know if it will complain about the inconsistency.)
>>
>> > Also a lot of folks use localhost and/or localnets in DNS configuration.
>> > Just from a security standpoint, I prefer to be more specific. localhost
>> > and/or localnets can be much more template friendly, I know.
>>
>> I just used them as placeholders since they are used in the default
>> ACLs :-)
>>
>> Tony.
>> --
>> f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
>> Viking, North Utsire: Easterly 4 or 5, increasing 6 at times. Slight or
>> moderate, but rough in southwest Viking. Showers later. Good, occasionally
>> poor later.
>>
>
>
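
The behaviour reported in the message above (answers from 127.0.0.1, REFUSED from anywhere else) can be verified from each vantage point against a server you run. This is an added example, not part of the original thread or of BIND; the function names and the two sample replies are constructed for illustration.

```python
import socket
import struct

TYPE_TXT, CLASS_CH = 16, 3
RCODES = {0: "NOERROR", 2: "SERVFAIL", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Wire-format CH TXT question for `name`, RD bit clear (RFC 1035)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack(">6H", qid, 0, 1, 0, 0, 0) + qname + struct.pack(">2H", TYPE_TXT, CLASS_CH)

def _skip_name(msg, pos):
    """Step over an encoded name, which ends at a zero byte or a compression pointer."""
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] else 1)

def parse_reply(query, reply):
    """Return (rcode name, CH TXT strings) from a reply that matches `query`."""
    if len(reply) < 12 or reply[:2] != query[:2] or not reply[2] & 0x80:
        raise ValueError("not a response to this query")
    flags, qd, an = struct.unpack(">3H", reply[2:8])
    pos, texts = 12, []
    for _ in range(qd):                      # question section: name + type + class
        pos = _skip_name(reply, pos) + 4
    for _ in range(an):                      # answer section: collect CH TXT strings
        pos = _skip_name(reply, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack(">2HIH", reply[pos:pos + 10])
        pos, end = pos + 10, pos + 10 + rdlen
        while rtype == TYPE_TXT and rclass == CLASS_CH and pos < end:
            texts.append(reply[pos + 1:pos + 1 + reply[pos]].decode("ascii", "replace"))
            pos += 1 + reply[pos]
        pos = end
    return RCODES.get(flags & 0xF, str(flags & 0xF)), texts

def ask(server, name="version.bind", timeout=3.0):
    """Send the query over UDP to your own server and parse the answer."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        return parse_reply(query, s.recv(512))

# Constructed sample replies (not captured traffic): REFUSED, then an answer.
QUERY = build_query("version.bind")
REFUSED = struct.pack(">6H", 0x1234, 0x8005, 1, 0, 0, 0) + QUERY[12:]
ANSWER = (struct.pack(">6H", 0x1234, 0x8400, 1, 1, 0, 0) + QUERY[12:]
          + b"\xc0\x0c" + struct.pack(">2HIH", TYPE_TXT, CLASS_CH, 0, 12) + b"\x0bconstructed")
```

Calling `ask("127.0.0.1")` on the server itself and `ask()` with the server's address from another host shows whether the `allow-query` ACL in the view behaves as described: an answer locally, REFUSED remotely.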