This is a discussion on "my secondary ns won't answer external queries" within the Bind Users forums, part of the DNS and Related Forums category.
The server is running bind 9.3.0. Due to my cluelessness, it is having to be a master in some places where it should be a slave, as my dmz isn't really settled down yet. That said, it works fine for internal clients, but refuses queries externally. It is ns2.avwashington.com at 199.227.4.38; here is the named.conf (truncated for space, hence the "and so on" comment). One can connect to port 53 with telnet, so it isn't a firewall issue (I think); perhaps it is something else. If anyone spots anything obvious, please let me know.

Thanks kindly
--chipper

//src /etc/named.conf ver 3.0 20031205
//generated out of cmefford@avwashington.com leaking brain
acl secondaries {
    127.0.0.1/32;
    199.227.4.32/27;
};
acl internal-clients {
    127.0.0.1/32;
    192.168.0.0/24;
    199.227.4.32/27;
};
acl "bogus" { 224.254.254.254; };
logging {
    channel named_syslog {
        syslog daemon;
        severity info;
    };
    channel bind_stuff {
        file "/var/log/named";
        severity debug;
    };
    category default { named_syslog; };
    category statistics { named_syslog; bind_stuff; };
    category queries { bind_stuff; };
};
options {
    directory "/var/named";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
    blackhole { "bogus"; };
    allow-transfer { secondaries; };
    pid-file "/var/run/named/named.pid";
};
view "internal" {
    match-clients { internal-clients; };
    recursion yes;
    zone "0.168.192.in-addr.arpa" IN {
        type slave;
        file "internal/slave/db.192.168.0";
        masters {
            199.227.4.60; };
    };
    zone "avwashington.com" IN {
        type master;
        file "internal/master/internal.avwashington.com";
        allow-update { none; };
    };
    zone "4.227.199.in-addr.arpa" IN {
        type master;
        file "external/master/4.227.199.in-addr.arpa";
        allow-update { none; };
    };
    //And so on,
};
view "external" {
    match-clients { !internal_clients; any; };
    recursion no;
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };
    zone "avwashington.com" IN {
        type master;
        file "external/master/avwashington.com";
        allow-update { none; };
    };
    zone "4.227.199.in-addr.arpa" IN {
        type master;
        file "external/master/4.227.199.in-addr.arpa";
        allow-update { none; };
    };
    //and so on
};
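An added example, not part of the original post: a Python check that lists ACL names used in address match lists (`match-clients`, `allow-transfer`, `blackhole` and similar) that no `acl` statement defines, run over a constructed excerpt of the configuration above. The function names and the clause list are this example's own assumptions, and nested `{ }` match lists are not handled; BIND's `named-checkconf` remains the authoritative check.

```python
import re

# ACL names BIND provides without an acl statement.
BUILTIN = {"any", "none", "localhost", "localnets"}
# Clauses whose body is an address match list (subset assumed for this example).
CLAUSES = ("match-clients", "match-destinations", "allow-query", "allow-transfer",
           "allow-recursion", "allow-update", "allow-notify", "blackhole")

def strip_comments(text):
    """Remove /* */, // and # comments from named.conf text."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def defined_acls(text):
    """Names introduced by acl statements, quoted or unquoted."""
    return set(re.findall(r'\bacl\s+"?([\w.-]+)"?\s*\{', text))

def referenced_acls(text):
    """(clause, name) pairs for each named element of a flat match list."""
    refs = []
    pattern = r"\b(%s)\s*\{([^{}]*)\}" % "|".join(CLAUSES)
    for clause, body in re.findall(pattern, text):
        for element in body.split(";"):
            name = element.strip().lstrip("!").strip().strip('"')
            # Skip empty items, key references, IPv6 and IPv4 addresses/prefixes.
            if (not name or name.startswith("key ") or ":" in name
                    or re.fullmatch(r"[\d.]+(/\d+)?", name)):
                continue
            refs.append((clause, name))
    return refs

def undefined_acl_refs(conf_text):
    """Sorted (clause, name) pairs that match no defined or built-in ACL."""
    text = strip_comments(conf_text)
    known = defined_acls(text) | BUILTIN
    return sorted({r for r in referenced_acls(text) if r[1] not in known})

# Constructed excerpt, shortened from the configuration posted above.
SAMPLE = """
acl secondaries { 127.0.0.1/32; 199.227.4.32/27; };
acl internal-clients { 127.0.0.1/32; 192.168.0.0/24; 199.227.4.32/27; };
acl "bogus" { 224.254.254.254; };
options { blackhole { "bogus"; }; allow-transfer { secondaries; }; };
view "internal" { match-clients { internal-clients; }; recursion yes; };
view "external" { match-clients { !internal_clients; any; }; recursion no; };
"""

if __name__ == "__main__":
    for clause, name in undefined_acl_refs(SAMPLE):
        print(f"{clause}: '{name}' is not a defined acl")
```

On this excerpt the only name reported is `internal_clients` in the external view's `match-clients`, which differs from the defined `internal-clients` by an underscore.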