Question About Recursion In A Split Horizon Setup
Bob Harold
rharolde at umich.edu
Fri Apr 17 12:26:52 UTC 2020
On Thu, Apr 16, 2020 at 7:17 PM Tim Daneliuk <tundra at tundraware.com> wrote:
> We have split horizon setup and enable our internal and trusted hosts
> to do things as follows:
>
> allow-recursion { trustedhosts; };
> allow-transfer { trustedhosts; };
>
> 'trustedhosts' includes a number of public facing IPs as well as the
> 192.168.0/24 CIDR block. It also includes the IPs of the Master and
> Slave bind servers.
>
> So here's the part that has me wondering. If I do a reverse lookup of
> an IP, it works as expected _except_ if I do it on either the Master
> or Slave machines. They will not only look up reverses on our
> own IPs, they won't do it for ANY IP and returns the warning:
>
> WARNING: recursion requested but not available
>
> This is replicable with 9.14 or 9.16 (or was until today's assert borkage)
> running on FreeBSD 11.3-STABLE. Master is on a cloud server, Slave is
> on a physical machine. Neither instance is jailed.
>
> Ideas?
>
> --
>
> ----------------------------------------------------------------------------
> Tim Daneliuk tundra at tundraware.com
> PGP Key: http://www.tundraware.com/PGP/
Is 127.0.0.1 in the 'trustedhosts' list?
Are you telling 'dig' what server to use - dig @127.0.0.1
What servers are listed in /etc/resolv.conf? Do they resolve the reverse
zones?
Are local queries hitting the right 'view' (if you have multiple views) ?
--
Bob Harold
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200417/423b50cd/attachment.htm>
More information about the bind-users
mailing list