Evert wrote: > There we have something! :-) > > After modifying domain.com.hosts it works! > Had to add a SOA, etc: > ------------------------------------------------- > $TTL 3600 > > @ IN SOA ns.domain.com. hostmaster.domain.com. ( > 2008091806 > 1800 > 900 > 604800 > 1200 ) > > @ IN NS ns > ns IN A 127.0.0.1 > www1 IN A 1.2.3.4 > ------------------------------------------------- > > I guess the above (excluding the www1) is the absolute minimum for a > master domain? > > Yes, the minimum for an "empty" zone is an SOA RR and 2 NS RRs. BIND will accept a zone with a single NS record at the apex, even though technically that's illegal.
- Kevin > Kevin Darcy wrote: > >> It's not a view problem, apparently. SERVFAIL can be caused by any >> number of things. >> >> Start with the basic stuff. Look at the logs. Did the zone load >> properly? Etc. etc. etc. >> >> >> - Kevin >> >> Evert wrote: >> >>> The problem persists after changing the ACL to localnets. >>> >>> >>> Greetings, >>> Evert >>> >>> Kevin Darcy wrote: >>> >>> >>>> Evert wrote: >>>> >>>> >>>>> Hi all, >>>>> >>>>> Wrestling a bit with split-view... >>>>> >>>>> In my named.conf: >>>>> ------------------------------------------------- >>>>> view "internal" { >>>>> match-clients { 192.168.24.10/24; }; >>>>> recursion yes; >>>>> notify no; >>>>> >>>>> zone "." { >>>>> type hint; >>>>> file "named.ca"; >>>>> }; >>>>> >>>>> >>>>> zone "domain.com" { >>>>> type master; >>>>> file "local/domain.com.hosts"; >>>>> }; >>>>> }; >>>>> ------------------------------------------------- >>>>> >>>>> >>>>> >>>>> In local/domain.com.hosts: >>>>> ------------------------------------------------- >>>>> $TTL 3600 >>>>> >>>>> www1 IN A 1.2.3.4 >>>>> ------------------------------------------------- >>>>> >>>>> >>>>> However, when I try a: >>>>> nslookup www1.domain.com. >>>>> >>>>> I get: >>>>> ------------------------------------------------- >>>>> Server: 127.0.0.1 >>>>> Address: 127.0.0.1#53 >>>>> >>>>> ** server can't find www1.domain.com: SERVFAIL >>>>> ------------------------------------------------- >>>>> >>>>> >>>>> >>>>> The queries.log shows it does go to the correct view: >>>>> ------------------------------------------------- >>>>> 18-Sep-2008 20:21:18.802 client 127.0.0.1#40414: view internal: query: >>>>> www1.domain.com IN A + >>>>> 18-Sep-2008 20:21:18.803 client 127.0.0.1#53315: view internal: query: >>>>> www1.domain.com IN A + >>>>> ------------------------------------------------- >>>>> >>>>> >>>>> What am I doing wrong here? >>>>> >>>>> >>>>> >>>>> >>>> 192.168.24.10/24 is an illegal specification (masking on the first 3 >>>> octets, but with bits in the fourth octet?). Did you perhaps mean >>>> 192.168.24.0/24? >>>> >>>> 127.0.0.1 is neither 192.168.24.10 nor in the 192.168.24.0/24 range >>>> (depending on what you meant, see above). >>>> >>>> You might want to include the built-in ACL "localhost" in the >>>> match-clients. That ACL includes the addresses of all your local >>>> interfaces. "localnets" may be even more convenient, but, depending on >>>> your network configuration and the rest of your config, match more than >>>> you intend. >>>> >>>> >>>> - Kevin >>>> >>>> >>>> >>>> >>> >>> >>> >> > > > > >