About query response on a view

Barry S. Finkel bsfinkel at att.net
Wed Dec 9 16:03:54 UTC 2015


  Okan Bostan <bostanok at itu.edu.tr> wrote:
> Hello List,
>
> We are planning to migrate to BIND DNS; I'm a bit of a newbie.
>
> In our design we have two views; int and ext.
> As internal view, recursion is on and we have our internal zones & forwarders. I have no problem with internal view.
>
> In external view, recursion is no. Also have some zones. In testing external view, I can query the records in zones, that's not a problem also.
>
> But when I try to query, for example www.google.com<http://www.google.com>, it returns the root servers records by dig.
>
> ;; QUESTION SECTION:
> ;ww.                            IN      A
>
> ;; AUTHORITY SECTION:
> .                       518400  IN      NS      D.ROOT-SERVERS.NET.
> .                       518400  IN      NS      M.ROOT-SERVERS.NET.
> .                       518400  IN      NS      C.ROOT-SERVERS.NET.
> .                       518400  IN      NS      J.ROOT-SERVERS.NET.
> .                       518400  IN      NS      G.ROOT-SERVERS.NET.
> .                       518400  IN      NS      H.ROOT-SERVERS.NET.
> .                       518400  IN      NS      I.ROOT-SERVERS.NET.
> .                       518400  IN      NS      L.ROOT-SERVERS.NET.
> .                       518400  IN      NS      F.ROOT-SERVERS.NET.
> .                       518400  IN      NS      K.ROOT-SERVERS.NET.
> .                       518400  IN      NS      A.ROOT-SERVERS.NET.
> .                       518400  IN      NS      B.ROOT-SERVERS.NET.
> .                       518400  IN      NS      E.ROOT-SERVERS.NET.
>
> And status: NOERROR
>
> also in nslookup:
>
> Name:www.google.com
> Served by:
> - E.ROOT-SERVERS.NET
>
> - F.ROOT-SERVERS.NET
>
> - J.ROOT-SERVERS.NET
>
> - G.ROOT-SERVERS.NET
>
> - D.ROOT-SERVERS.NET
>
> - C.ROOT-SERVERS.NET
>
> - A.ROOT-SERVERS.NET
>
>
> But in our existing DNS environment, I get status: SERVFAIL to the same query.
>
> Is this a normal behaviour? How can I disable this Authority section with root server NS records?
>
> My external view:
>
> view "EXTERNAL" {
>
>          match-clients {"any";};
>          allow-query-on {ext_ip; };
>
>          recursion  no;
>          allow-recursion { none;};
>
>
>          #Include SLAVE zones
>          include "slave.zones";
>
>          #Include REVERSE zones
>          include "reverse.zones";
>
>
>
> };// view EXTERNAL
>
> Regards,
>
> Okan.

Something got lost in "translation".

 > But when I try to query, for example
 > www.google.com<http://www.google.com>

Did you really type "dig www.google.com"?

 > ;; QUESTION SECTION:
 > ;ww.                            IN      A

According to dig, you queried "ww.".
And the output of dig is correct - there is no DNS entry
with that name, and the authority section contains the
root servers, as it is those servers which would have
contained the zone, had it existed.

You did not give us the unedited output of "dig".

--Barry Finkel
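
The check described in the reply above, as an added example that is not part of the original thread: it parses dig's text output, compares the name in the QUESTION section with the name that was meant to be queried, and reports whether the AUTHORITY section is a referral to the root zone. The sample output is constructed from the fragments quoted in the thread (the header lines and id are made up), and the function names `parse_dig` and `check_query` are hypothetical.

```python
import re

# Constructed sample, assembled from the fragments quoted in the thread
# (the two header lines and the id are made up for this example).
SAMPLE_DIG = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;ww.                            IN      A

;; AUTHORITY SECTION:
.                       518400  IN      NS      D.ROOT-SERVERS.NET.
.                       518400  IN      NS      M.ROOT-SERVERS.NET.
"""

def parse_dig(text):
    """Return status, question name and ANSWER/AUTHORITY records from dig text."""
    result = {"status": None, "qname": None, "ANSWER": [], "AUTHORITY": []}
    section = None
    for line in text.splitlines():
        m = re.search(r"status: (\w+)", line)
        if line.startswith(";; ->>HEADER<<-") and m:
            result["status"] = m.group(1)
        elif line.startswith(";; ") and line.rstrip().endswith("SECTION:"):
            section = line[3:].split()[0]      # QUESTION, ANSWER, AUTHORITY, ...
        elif not line.strip():
            section = None                     # a blank line ends a section
        elif section == "QUESTION" and line.startswith(";"):
            result["qname"] = line[1:].split()[0]
        elif section in ("ANSWER", "AUTHORITY") and not line.startswith(";"):
            owner, _ttl, _class, rrtype, rdata = line.split(None, 4)
            result[section].append((owner, rrtype, rdata))
    return result

def check_query(text, intended):
    """Compare what dig actually asked with what the operator meant to ask."""
    r = parse_dig(text)
    want = intended.rstrip(".").lower() + "."
    got = (r["qname"] or "").lower()
    # Root referral: no answer, and every authority record is an NS for "."
    root_referral = (not r["ANSWER"] and bool(r["AUTHORITY"])
                     and all(o == "." and t == "NS" for o, t, _ in r["AUTHORITY"]))
    return {"status": r["status"], "asked": got,
            "question_matches": got == want, "root_referral": root_referral}

if __name__ == "__main__":
    print(check_query(SAMPLE_DIG, "www.google.com"))
```
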

