[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: named on lenny

Leonardo Boselli wrote:
> After udate to lenny two DNS stopped workin, better, they bagan to have a
> behaviour  "a la SMTP" .
> hosts are in a.b.c.0/24 .
> if a query arrive from an host in their localnet all ok, otherwise if the
> querying machine is outside their localnet[s] the they supply the address
> only if the supplied address in in a zone for which they are
> official primary or secondary DNS.
> otherwise no lich and in the log i find:
> Mar  7 23:37:25 mydnsserver named[2248]: client 
>      151.16.***.***#34363: query
>      (cache) 'www.google.it/A/IN' denied
> i copied etch configuration files ... did i make some error ?
> they have to supply dns service to everyone.

Have a look into your named.conf.options. You might have some ACL that
are set to allow recursion ONLY for authoritative zones (which is a good
thing by the way). Here is mine:

auth-nxdomain no;    # conform to RFC1035
allow-transfer  { "gplhostnetwork";};
allow-recursion { localhost; "gplhostnetwork"; };

Then on top, I have something like this:

acl "gplhostnetwork" { {
	x.y.z.0/21;;     // myself, just to be sure; // nic.fr, for ZoneCheck;     // ripe

Do something similar and you will be good... (of course, don't write
x.y.z, replace it by your network...)


Reply to: