Res wrote:
> Is that the only difference or just main difference? IOW, why not just
> allow the "trusted" ACL members to do recursive, it'll shorten things a
> lot.
Well, that's the most important difference to me. If you look at the config from the email archives there are some other differences such as additional-from-auth/cache, provide-ixfr, allow-transfer, and some zone file differences. Some of those would allow a list as an argument but I don't think all of them do, do they? My main goal was to limit recursion to our clients only and provide root hints for the non-trusted queries. There were a few other less important differences too.

> options {
> <snip>
> allow-recursion { trusted; };
> };
>
> What does messages file say?

It reports that the updated zone was loaded into the trusted view but doesn't mention the non-trusted or chaos zones (I forgot about the 3rd chaos zone). It also bitches about the journal file since I have the config set up to allow IXFRs but am manually editing the zone files instead of using nsupdate. That shouldn't be a problem though, IMHO. It just means IXFRs are broken so XFRs run as AXFRs. This is confirmed by the next 2 lines where my slave AXFRs the updated zone.

Nov 12 23:39:39 maple1 named[12813]: reloading zones succeeded
Nov 12 23:39:39 maple1 named[12813]: zone zone.net/IN/trusted: loaded serial 2008111206
Nov 12 23:39:39 maple1 named[12813]: zone zone.net/IN/trusted: sending notifies (serial 2008111206)
Nov 12 23:39:39 maple1 named[12813]: malformed transaction: my/my-zones/zone.net.master.jnl last serial 2008111206 != transaction
Nov 12 23:39:39 maple1 named[12813]: client aaa.bbb.ccc.ddd#44588: view trusted: transfer of 'zone.net/IN': AXFR started
Nov 12 23:39:39 maple1 named[12813]: client aaa.bbb.ccc.ddd#44588: view trusted: transfer of 'zone.net/IN': AXFR ended

Should I see the zone loaded into 2 different zones like what I see when named first starts up? I see both trusted and non-trusted zone loading entries then.

Thanks
Justin
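The question in the post is really "which views actually picked up the new serial after the reload?" A small check over the named log answers that directly. The script below is an added example and is not from the thread or from BIND itself: it parses `zone <name>/IN/<view>: loaded serial <N>` lines, using the log lines quoted above as its sample input, and reports the views that logged no load (or a stale serial) for a zone. The list of views that are expected to serve the zone (`trusted` and `non-trusted`) is an assumption for the example; adjust it to your own `named.conf`.

```python
"""Report which BIND views logged a load of a given zone after a reload.

Added example, not code from the mailing-list thread or from BIND. It reads
named syslog lines of the form "zone <name>/<class>/<view>: loaded serial <N>"
and compares the views seen against the views that are expected to serve the
zone. The sample log below is copied from the post; the expected view list is
an assumption made for the example.
"""
import re
from typing import Dict, List

# Sample input: the log lines quoted in the post (copied, not invented).
SAMPLE_LOG = """\
Nov 12 23:39:39 maple1 named[12813]: reloading zones succeeded
Nov 12 23:39:39 maple1 named[12813]: zone zone.net/IN/trusted: loaded serial 2008111206
Nov 12 23:39:39 maple1 named[12813]: zone zone.net/IN/trusted: sending notifies (serial 2008111206)
Nov 12 23:39:39 maple1 named[12813]: malformed transaction: my/my-zones/zone.net.master.jnl last serial 2008111206 != transaction
Nov 12 23:39:39 maple1 named[12813]: client aaa.bbb.ccc.ddd#44588: view trusted: transfer of 'zone.net/IN': AXFR started
Nov 12 23:39:39 maple1 named[12813]: client aaa.bbb.ccc.ddd#44588: view trusted: transfer of 'zone.net/IN': AXFR ended
"""

# "zone <name>/<class>/<view>: loaded serial <serial>". The "/<view>" part is
# absent when named runs without views, so it is optional here.
LOADED_RE = re.compile(
    r"named\[\d+\]: zone (?P<name>[^/\s]+)/(?P<cls>[A-Z]+)(?:/(?P<view>[^:\s]+))?: "
    r"loaded serial (?P<serial>\d+)"
)


def loaded_serials(log: str, zone: str) -> Dict[str, int]:
    """Map view name -> last serial that view reported loading for `zone`."""
    result: Dict[str, int] = {}
    for line in log.splitlines():
        m = LOADED_RE.search(line)
        if m and m.group("name") == zone:
            view = m.group("view") or "<no view>"
            result[view] = int(m.group("serial"))
    return result


def missing_views(log: str, zone: str, expected_views: List[str]) -> List[str]:
    """Views that are expected to serve `zone` but logged no load at all."""
    seen = loaded_serials(log, zone)
    return [v for v in expected_views if v not in seen]


def stale_views(log: str, zone: str, expected_views: List[str]) -> List[str]:
    """Views that loaded `zone`, but with a serial behind the newest one seen."""
    seen = loaded_serials(log, zone)
    if not seen:
        return []
    newest = max(seen.values())
    return [v for v in expected_views if v in seen and seen[v] < newest]


if __name__ == "__main__":
    # Assumed layout for the example: zone.net is defined in both views.
    views = ["trusted", "non-trusted"]
    print("loaded serials:", loaded_serials(SAMPLE_LOG, "zone.net"))
    print("no load logged:", missing_views(SAMPLE_LOG, "zone.net", views))
    print("stale serial:", stale_views(SAMPLE_LOG, "zone.net", views))
```

Run against the lines from the post it reports that only `trusted` loaded serial 2008111206 and that `non-trusted` logged nothing, which is the discrepancy the post describes; the same check can be pointed at a real `/var/log/messages` after an `rndc reload` to confirm that every view serving a zone picked up the new serial.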