Re: allow-query and version.bind

On Oct 15, Andris Kalnozols <andris@hpl.hp.com> wrote:

Summary: I'm trying to make version.bind and the other similar labels
available even if options { allow-query { } } restricts queries by
default.

>Here's how we do this at HP Labs:
No luck...

I tried this:

view "chaos" chaos {
match-clients { any; };
allow-query { any; };
allow-recursion { any; };
zone "." {
type hint;
file "/dev/null";
};
};

But now I get a SERVFAIL:

md@wonderland:~$bindver 213.92.8.2
VERSION.BIND TXT record in class CH not found, server failure
md@wonderland:~$

The debugging log is not helpful:

Oct 15 14:43:44.052 client: debug 3: client 151.44.134.16#51090: UDP request
Oct 15 14:43:44.052 client: debug 5: client 151.44.134.16#51090: using view 'chaos'
Oct 15 14:43:44.052 client: debug 3: client 151.44.134.16#51090: query
Oct 15 14:43:44.052 client: debug 10: client 151.44.134.16#51090: ns_client_attach: ref = 1
Oct 15 14:43:44.053 client: debug 3: client 151.44.134.16#51090: replace
Oct 15 14:43:44.053 general: debug 3: clientmgr @0x100ae438: createclients
Oct 15 14:43:44.053 general: debug 3: clientmgr @0x100ae438: recycle
Oct 15 14:43:44.053 resolver: debug 1: createfetch: VERSION.BIND TXT
Oct 15 14:43:44.053 resolver: debug 3: fctx 0x10783270: create
Oct 15 14:43:44.053 client: debug 3: client 151.44.134.16#51090: error
Oct 15 14:43:44.054 client: debug 3: client 151.44.134.16#51090: send
Oct 15 14:43:44.054 client: debug 3: client 151.44.134.16#51090: sendto
Oct 15 14:43:44.054 client: debug 3: client 151.44.134.16#51090: senddone
Oct 15 14:43:44.054 client: debug 3: client 151.44.134.16#51090: next
Oct 15 14:43:44.054 client: debug 10: client 151.44.134.16#51090: ns_client_detach: ref = 0
Oct 15 14:43:44.054 client: debug 3: client 151.44.134.16#51090: endrequest


Your recipe for BIND 8 does not work either, because the loaded zone
masks the RR which are usually generated by BIND.

--
ciao, |
Marco | [8576 caeWxBWD.4/Pk]