Bind resolves no external addresses
cybermans
Apprentice
Apprentice


Joined: 04 Apr 2003
Posts: 193

PostPosted: Tue May 03, 2005 7:46 am    Post subject: Bind resolves no external addresses Reply with quote

Hi,
Bind is once again driving me nuts. It resolves the addresses that are in the database but it refuses outside addresses like cnn.com, gentoo.org etc.

Tried like everything.
62.58.50.5 is the ISP's DNS server; when I put it in /etc/resolv.conf directly, resolution works (without going through BIND).
The O'Reilly book didn't help me out.
Does anyone have an idea what is wrong?

Code:

# Named address lists referenced by allow-query and by the views' match-clients.
# NOTE(review): 128.1.0.0/16 is not an RFC 1918 private range. If it is only
# used internally, confirm that a query arriving on the public listener with a
# source address in that range cannot be treated as "LOCALNET".
acl "LOCALNET" { 128.1.0.0/16; 127.0.0.1/32; };

# Networks served by the "dmz" view.
acl "DMZ" { 172.16.100.0/24; 192.168.100.0/24; };

# Server-wide defaults; views and zones inherit these unless they override them.
options {
        directory "/var/bind";
        pid-file "/var/run/named/named.pid";

        check-names master fail;
        check-names response ignore;

        # "forward only" hands every query that cannot be answered locally to
        # the forwarders and never falls back to iterating from the root hints,
        # so outside resolution depends entirely on 62.58.50.5 answering named.
        #forward first;
        forward only;
        forwarders { 62.58.50.5; };
        #forwarders { 62.58.62.132; 62.58.94.130; };
        #forwarders { 172.16.100.10; };
        #forwarders { 62.58.94.138; };
        #forwarders { 198.41.0.4; };
        # Pins the source port of outgoing queries to 53. A fixed, predictable
        # source port makes forged answers easier to match (cache poisoning);
        # keep it only if a firewall rule requires it, and check that replies
        # addressed to port 53 are actually allowed back in.
        query-source address * port 53;
        listen-on { 128.1.0.0/16; 172.16.100.100; 127.0.0.1; 62.58.165.253;  };

        # Global default, inherited by every view that does not set its own.
        # NOTE(review): as written, clients outside LOCALNET/DMZ appear to be
        # refused here even though they match the "external" view below.
        # NOTE(review): no allow-recursion is set, so who may recurse is left
        # to the built-in default of the installed version; state it explicitly.
        allow-query { "LOCALNET"; "DMZ"; };

};

# Views are tried in the order they appear; the first one whose match-clients
# accepts the source address serves the query. This one serves "LOCALNET".
view "internal" {

        match-clients { "LOCALNET"; };

        # Zone data is read from MySQL through the DLZ driver. The first SELECT
        # checks that the zone exists for view 'any' or 'internal'; the second
        # returns ttl, type, mx_priority and data for one host name.
        # NOTE(review): the database password is stored in clear text, so this
        # file should be readable only by the account named runs as, and the
        # MySQL user should hold no more than SELECT on these two tables.
        # NOTE(review): %zone% and %record% are filled in from the queried
        # name; confirm the driver escapes them before they reach MySQL.
        dlz "Mysql zone" {
                database "mysql
                {host=127.0.0.1 dbname=networksettings user=someuser pass=somepass ssl=false}
                {select z.origin from dns_records r left join dns_zones z on z.id=r.id_zones where z.origin = '%zone%' and (r.view='any' or r.view='internal')}
                {select r.ttl, r.type, r.mx_priority, case when lower(r.type)='txt' then concat('\"', r.data, '\"')
                        when lower(r.type) = 'soa' then concat_ws(' ', r.data, z.resp_person, z.serial, z.refresh, z.retry, z.expire, z.minimum)
                        else r.data end from dns_records r left join dns_zones z on z.id=r.id_zones where z.origin = '%zone%' and r.host = '%record%' and (r.view='any' or r.view='internal') }";
        };

        # Reverse zone for the loopback network, served from a local file.
        zone "0.0.127.IN-ADDR.ARPA" {
                type master;
                file "0.0.127.in-addr.arpa.zone";
        };

        # IPv6 loopback reverse zone, served from a local file.
        zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
                type master;
                file "localhost.rev";
        };

        # Queries for showsoft.nl go to 192.168.100.2 instead of the global
        # forwarder listed in options.
        zone  "showsoft.nl" {
                type forward;
                forwarders { 192.168.100.2; };
        };

        # Root hints. While options sets "forward only", forwarded queries are
        # not resolved from these.
        zone "." {
        type hint;
        file "root.cache";
        };

};

# Serves clients in the "DMZ" acl; only reached by sources that did not match
# an earlier view.
view "dmz" {

        match-clients { "DMZ"; };


        # Root hints. While options sets "forward only", forwarded queries are
        # not resolved from these.
        zone "." {
        type hint;
        file "root.cache";
        };

        # Zone data is read from MySQL through the DLZ driver, limited to rows
        # whose view column is 'any' or 'dmz'.
        # NOTE(review): clear-text database password; restrict read access to
        # this file and give the MySQL user no more than SELECT on these tables.
        # NOTE(review): %zone% and %record% come from the queried name; confirm
        # the driver escapes them before they reach MySQL.
        dlz "Mysql zone" {
                database "mysql
                {host=127.0.0.1 dbname=networksettings user=someuser pass=somepass ssl=false}
                {select z.origin from dns_records r left join dns_zones z on z.id=r.id_zones where z.origin = '%zone%' and (r.view='any' or r.view='dmz')}
                {select r.ttl, r.type, r.mx_priority, case when lower(r.type)='txt' then concat('\"', r.data, '\"')
                        when lower(r.type) = 'soa' then concat_ws(' ', r.data, z.resp_person, z.serial, z.refresh, z.retry, z.expire, z.minimum)
                        else r.data end from dns_records r left join dns_zones z on z.id=r.id_zones where z.origin = '%zone%' and r.host = '%record%' and ( r.view='any' or r.view='dmz') }";
        };

        # Queries for showsoft.nl go to 192.168.100.2 instead of the global
        # forwarder listed in options.
        zone  "showsoft.nl" {
                type forward;
                forwarders { 192.168.100.2; };
        };
};

# Catch-all view for every source that matched no earlier view. It must stay
# last, because "any" would otherwise capture the internal and DMZ clients.
view "external" {

        match-clients { any; };
        # Authoritative answers only: this view never resolves names on behalf
        # of outside clients, which keeps the server from acting as an open
        # resolver.
        recursion no;

        # NOTE(review): this view sets no allow-query of its own, so the
        # LOCALNET/DMZ-only default from options appears to apply here too.
        # NOTE(review): clear-text database password; restrict read access to
        # this file and give the MySQL user no more than SELECT on these tables.
        # NOTE(review): %zone% and %record% come from names sent by arbitrary
        # outside clients; confirm the driver escapes them before they reach
        # MySQL.
        dlz "Mysql zone" {
                #type slave;
                #masters { 172.16.100.10; };
                database "mysql
                {host=127.0.0.1 dbname=networksettings user=someuser pass=somepass ssl=false}
                {select z.origin from dns_records r left join dns_zones z on z.id=r.id_zones where z.origin = '%zone%' and (r.view='any' or r.view='external')}
                {select r.ttl, r.type, r.mx_priority, case when lower(r.type)='txt' then concat('\"', r.data, '\"')
                        when lower(r.type) = 'soa' then concat_ws(' ', r.data, z.resp_person, z.serial, z.refresh, z.retry, z.expire, z.minimum)
                        else r.data end from dns_records r left join dns_zones z on z.id=r.id_zones where z.origin = '%zone%' and r.host = '%record%' and ( r.view='any' or r.view='external') }";
                };

};

# Log routing: three file channels and the categories that feed them.
logging {
    # Defined but unused: the only category that referenced it is commented
    # out below.
    channel update_debug {
                file "/var/log/update-debug.log";
                severity  debug 3;
                print-category yes;
                print-severity yes;
                print-time     yes;
    };
    # Receives the "security" category (approval and denial of requests).
    channel security_info {
                file "/var/log/named-auth.info";
                severity  info;
                print-category yes;
                print-severity yes;
                print-time     yes;
    };
    # Receives every category that has no routing of its own.
    channel debug {
                file "/var/log/named-debug.log";
                severity  debug 3;
               print-category yes;
                print-severity yes;
                print-time     yes;
    };

    # NOTE(review): none of the file channels sets "versions" or "size", so
    # named neither rotates nor caps them. The files must also be writable by
    # the account named runs as, or nothing is recorded.
    category default { debug; };
    #category update { update_debug; };
    category security { security_info; };
};

_________________
My weBlog
Linux compability list (hardware)
kashani
Advocate
Advocate


Joined: 02 Sep 2002
Posts: 2032
Location: San Francisco

PostPosted: Tue May 03, 2005 4:13 pm    Post subject: Reply with quote

I'd add this line to your config.

Code:

# Limits recursive lookups (names this server is not authoritative for) to
# the two ACLs; goes inside options { } or inside a view.
allow-recursion { "LOCALNET"; "DMZ"; };


You're already allowing queries, which covers the local records, but you also need to allow recursive queries, i.e. queries for names outside the local records.

kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape.