Troubleshooting Information

Alan Clegg alan at clegg.com
Thu Aug 27 17:19:06 UTC 2015


Has anyone recommended doing debugging via NSID instead of the CH class
data?

On 8/27/15 12:55 PM, Bob McDonald wrote:
> If I set this up as follows, it works.
> 
> view bind chaos {
>     recursion no;
>     allow-query { 127.0.0.1; none; };
>     zone  authors.bind ch { type master; database "_builtin authors";  };
>     zone hostname.bind ch { type master; database "_builtin hostname"; };
>     zone  version.bind ch { type master; database "_builtin version";  };
>     zone     id.server ch { type master; database "_builtin id";       };
> };
> 
> Queries from 127.0.0.1 are answered correctly, queries from anywhere
> else are met with a REFUSED reply.
> 
> However, the answers show as coming from view "bind" in the statistics.
> There is also a view named "_bind" which seems to serve those same
> zones. (named won't start if I try to name the view "_bind".)
> 
> I can get answers from the zones in view "_bind" if I accept/reject via
> the match-clients statement. If I also remove the zones from view
> "bind", it returns a SERVFAIL to queries for selected devices in that
> view of class chaos. I think I understand this last one.
> 
> Setting recursion off does not seem to affect the warning message
> generated by omitting the root hints zone for class chaos.
> 
> Bob
> 
> 
> On Wed, Aug 26, 2015 at 5:50 AM, Bob McDonald <bmcdonaldjr at gmail.com> wrote:
> 
>     The warning is issued either way (with or without recursion
>     specified). But I see the logic in not needing it if recursion is
>     set to no.
> 
>     Thanks again,
> 
>     Bob
> 
>     On Wed, Aug 26, 2015 at 5:45 AM, Tony Finch <dot at dotat.at> wrote:
> 
>         Bob McDonald <bmcdonaldjr at gmail.com> wrote:
>         >
>         > I'd still include the hint zone (as I'm partial to not having unnecessary
>         > warnings on startup).
> 
>         The "recursion no" directive means you shouldn't have a hint zone in that
>         view. (I don't know if it will complain about the inconsistency.)
> 
>         > Also a lot of folks use localhost and/or localnets in DNS configuration.
>         > Just from a security standpoint, I prefer to be more specific. localhost
>         > and/or localnets can be much more template friendly, I know.
> 
>         I just used them as placeholders since they are used in the default ACLs :-)
> 
>         Tony.
>         --
>         f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
>         Viking, North Utsire: Easterly 4 or 5, increasing 6 at times. Slight or
>         moderate, but rough in southwest Viking. Showers later. Good, occasionally
>         poor later.

-- 
When I do still catch the odd glimpse, it's peripheral; mere fragments
of mad-doctor chrome, confining themselves to the corner of the eye.
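
The NSID approach raised at the top of this message (RFC 5001, EDNS option code 3), next to the CH TXT lookup from the quoted configuration, as an added Python example that is not part of the original thread: it builds a non-recursive `hostname.bind` CH TXT query carrying an empty NSID option and extracts the rcode and NSID from a reply. The two replies and the identifier `ns1.example` are constructed for illustration, and all function names are hypothetical.

```python
import struct

CLASS_CH, TYPE_TXT, TYPE_OPT, OPT_NSID = 3, 16, 41, 3
RCODES = {0: "NOERROR", 2: "SERVFAIL", 5: "REFUSED"}

def encode_name(name):
    """Encode a name as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def opt_rr(nsid=b""):
    """OPT pseudo-RR (root name, type 41) carrying one NSID option (code 3)."""
    option = struct.pack("!HH", OPT_NSID, len(nsid)) + nsid
    return b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, 0, len(option)) + option

def build_message(qname, flags=0, nsid=b"", qid=0x1234):
    """CH TXT message with an NSID option; flags=0 gives a non-recursive query."""
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 1)
    return header + encode_name(qname) + struct.pack("!HH", TYPE_TXT, CLASS_CH) + opt_rr(nsid)

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) name."""
    while msg[pos] != 0:
        if msg[pos] & 0xC0 == 0xC0:      # compression pointer is two bytes
            return pos + 2
        pos += 1 + msg[pos]
    return pos + 1

def parse_response(msg):
    """Return (rcode name, NSID bytes or None) from a DNS response."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    pos, nsid = 12, None
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4    # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        pos = skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        rdata, pos = msg[pos + 10:pos + 10 + rdlen], pos + 10 + rdlen
        off = 0
        while rtype == TYPE_OPT and off + 4 <= len(rdata):
            code, olen = struct.unpack("!HH", rdata[off:off + 4])
            if code == OPT_NSID:
                nsid = rdata[off + 4:off + 4 + olen]
            off += 4 + olen
    return RCODES.get(flags & 0xF, str(flags & 0xF)), nsid

# Constructed replies (not captured traffic): QR bit set, rcode in the low 4 bits.
ANSWERED = build_message("hostname.bind", flags=0x8400, nsid=b"ns1.example")
REFUSED = build_message("hostname.bind", flags=0x8005)
print(parse_response(ANSWERED), parse_response(REFUSED))
```
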
