Re: named on lenny
Leonardo Boselli wrote:
> After update to lenny two DNS stopped working, better, they began to have a
> behaviour "a la SMTP".
> hosts are in a.b.c.0/24 .
> if a query arrives from a host in their localnet all ok, otherwise if the
> querying machine is outside their localnet[s] then they supply the address
> only if the supplied address is in a zone for which they are
> official primary or secondary DNS.
> otherwise no luck and in the log I find:
>
> Mar 7 23:37:25 mydnsserver named[2248]: client
> 151.16.***.***#34363: query
> (cache) 'www.google.it/A/IN' denied
>
> I copied etch configuration files ... did I make some error?
>
> They have to supply DNS service to everyone.
Have a look into your named.conf.options. You might have some ACLs that
are set to allow recursion ONLY for authoritative zones (which is a good
thing by the way). Here is mine:
auth-nxdomain no; # conform to RFC1035
allow-transfer { "gplhostnetwork";};
allow-recursion { localhost; "gplhostnetwork"; };
Then on top, I have something like this:
acl "gplhostnetwork" {
    x.y.z.0/21;
    127.0.0.1;       // myself, just to be sure
    192.134.4.0/24;  // nic.fr, for ZoneCheck
    193.0.0.63;      // ripe
};
Do something similar and you will be good... (of course, don't write
x.y.z, replace it with your network...)
Thomas
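A small triage script, added here as an example (it is not part of Thomas's mail nor of BIND itself), that reads lines in the logged "query (cache) ... denied" format quoted above and reports whether each denied client falls inside an allow-recursion ACL of the posted shape. The 203.0.113.0/24 network stands in for the poster's x.y.z.0/21, and the client addresses in the sample log are constructed.

```python
import ipaddress
import re

# ACL in the shape of the posted "gplhostnetwork" list. 203.0.113.0/24 is a
# constructed stand-in for x.y.z.0/21 (RFC 5737 documentation range); the
# remaining entries are the ones given in the mail.
ACL_ENTRIES = ["203.0.113.0/24", "127.0.0.1", "192.134.4.0/24", "193.0.0.63"]

# Matches the message BIND logs when a client that is not covered by
# allow-recursion asks for a name the server is not authoritative for.
DENIED_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query \(cache\) '(?P<q>[^']+)' denied"
)

# Constructed sample log lines in the same format as the one quoted above.
SAMPLE_LOG = """\
Mar 7 23:37:25 mydnsserver named[2248]: client 198.51.100.7#34363: query (cache) 'www.google.it/A/IN' denied
Mar 7 23:37:26 mydnsserver named[2248]: client 203.0.113.40#5301: query (cache) 'www.debian.org/A/IN' denied
Mar 7 23:37:27 mydnsserver named[2248]: client 203.0.113.9#2232: query: example.net IN A + (203.0.113.1)
"""


def parse_acl(entries):
    # Single hosts such as 127.0.0.1 become /32 networks; strict=False
    # tolerates a prefix written with host bits set.
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def recursion_allowed(client_ip, acl):
    return any(ipaddress.ip_address(client_ip) in net for net in acl)


def triage_denials(log_text, acl_entries):
    """Return (client, query, covered_by_acl) for every denied recursive query.

    covered_by_acl False: the ACL is doing its job for an outside client.
    covered_by_acl True: the client should have been allowed, so the config
    named actually loaded is not the one you think (e.g. not reloaded).
    """
    acl = parse_acl(acl_entries)
    results = []
    for line in log_text.splitlines():
        m = DENIED_RE.search(line)
        if m:
            ip, qname = m.group("ip"), m.group("q")
            results.append((ip, qname, recursion_allowed(ip, acl)))
    return results


if __name__ == "__main__":
    for ip, qname, covered in triage_denials(SAMPLE_LOG, ACL_ENTRIES):
        verdict = "in ACL: check loaded config" if covered else "outside ACL: expected denial"
        print(f"{ip:16} {qname:24} {verdict}")
```

A denial for a client outside the ACL is the restriction working as intended; an allow-recursion list that covers every source turns the server into an open resolver, which is what the log above is protecting against.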