Allowing recursive queries of 'static-stub' zones
Enrico Scholz
enrico.scholz at sigma-chemnitz.de
Wed Jan 28 17:39:10 UTC 2015
Hi,
I am trying to set up a nameserver which:
a) allows recursive queries from certain clients only, but
b) provides responses for a static-stub zone (which is used to return
PTR records for an RFC2317 setup)
Although I have set 'allow-query { any; };' in the static-stub zone, I
get a REFUSED for clients not enabled in a).
E.g. assuming a configuration of
---------
options {
        directory "/var/named";
        allow-query { 127.0.0.1; };
};

zone "de" in {
        type static-stub;
        allow-query { any; };
        server-addresses { 192.168.8.195; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-query { any; };
};
---------
["de" and "localhost" zones are for demonstration only; "de" is some
"in-addr.arpa." zone in reality and "localhost" a real zone; the ip in
"server-addresses" is some local dns server].
When doing queries from the client which is allowed in the global
options, I get
| $ dig -tsoa localhost de. @127.0.0.1
| ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50218
| localhost. 86400 IN SOA localhost. ...
| -
| ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33256
| de. 83797 IN SOA f.nic.de. ...
But when coming from another client, 'de.' queries are REFUSED:
| $ dig -tsoa localhost de. @`hostname`
| ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20230
| localhost. 86400 IN SOA localhost.
| -
| ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 11403
| ;de. IN SOA
[tested with bind-9.9.6-6.P1.fc21.x86_64 from Fedora 21 and
bind-9.9.4-14.el7_0.1.x86_64 from RHEL7]
How can I enable recursive queries for 'static-stub' zones?
Enrico