On 5/23/23 12:47, Matus UHLAR - fantomas wrote:
On 23.05.23 12:22, Kaya Saman wrote:
I've got a very strange problem that has emerged somehow after
migrating my isp.
My setup previously used 2x servers in master/slave configuration for
my public "view" and then had 3x servers for the "internal" view.
This was working fine for years and I have been regularly testing
using online dns healthcheck sites such as mxtoolbox etc...
Now when I run any type of check from mxtoolbox or another site,
e.g. https://dnschecker.org/, my private IPs are shown
instead of the public ones.
It started with my external zone files not transferring, and I
managed to see that the information was trying to traverse my
NAT (I know, it is not best practice to have all DNS servers on the
same network).
As a result, external email from my mail server is not working
well; it is hit-and-miss right now.
Just to go over, my zone files are fine as the 'external' ones only
have public ip addresses in them and do not include any type of
internal addressing whatsoever.
Here's an example of the config in named.conf for the master:
view "external" {
match-clients { !internals; any; };
[...]
view "external" {
match-clients { !internals; any; };
I don't see your definition of "internals".
Also, I don't see your definition of internal view.
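If internal IP addresses are visible on the Internet, then obviously queries
from Internet sources are matching your internal view, not this one
(named answers from the first view whose match-clients matches the query's
source address).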
Hi, I omitted those but here they are:
// Named address-match list of the clients treated as "internal": loopback
// plus the three RFC 1918 private ranges.
// NOTE(review): named compares this list with the source address it sees on
// each query. If a NAT or port-forward in front of this server rewrites the
// source of Internet queries to a private address, those queries match here
// and are excluded from the "external" view by its `!internals` entry.
// Confirm with query logging which source addresses outside resolvers
// actually arrive with.
acl internals {
127.0.0.0/8;
192.168.0.0/16;
172.16.0.0/12;
10.0.0.0/8;
};
// These zones are already covered by the empty zones listed below.
// If you remove the related empty zones below, comment these lines out.
disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
disable-empty-zone
"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
disable-empty-zone
"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
// If you enable a local name server, don't forget to enter 127.0.0.1
// first in your /etc/resolv.conf so this server will be queried.
// Also, make sure to enable it in /etc/rc.conf.
// The traditional root hints mechanism. Use this, OR the slave zones below.
zone "." { type hint; file "/usr/local/etc/namedb/named.root"; };
// RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
zone "localhost" { type master; file
"/usr/local/etc/namedb/master/localhost-forward.db"; };
zone "127.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/localhost-reverse.db"; };
zone "255.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
// RFC 1912-style zone for IPv6 localhost address (RFC 6303)
zone "0.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/localhost-reverse.db"; };
// "This" Network (RFCs 1912, 5735 and 6303)
zone "0.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
// Private Use Networks (RFCs 1918, 5735 and 6303)
zone "10.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "16.172.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "17.172.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "18.172.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "19.172.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "20.172.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "21.172.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "22.172.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "23.172.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "24.172.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "25.172.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "26.172.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "27.172.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "28.172.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "29.172.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "30.172.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "31.172.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "168.192.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
// Shared Address Space (RFC 6598)
zone "64.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "65.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "66.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "67.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "68.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "69.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "70.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "71.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "72.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "73.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "74.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "75.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "76.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "77.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "78.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "79.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "80.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "81.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "82.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "83.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "84.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "85.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "86.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "87.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "88.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "89.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "90.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "91.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "92.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "93.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "94.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "95.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "96.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "97.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "98.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "99.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "100.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "101.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "102.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "103.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "104.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "105.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "106.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "107.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "108.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "109.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "110.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "111.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "112.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "113.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "114.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "115.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "116.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "117.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "118.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "119.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "120.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "121.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "122.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "123.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "124.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "125.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "126.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "127.100.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
// Link-local/APIPA (RFCs 3927, 5735 and 6303)
zone "254.169.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
// IETF protocol assignments (RFCs 5735 and 5736)
zone "0.0.192.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
zone "2.0.192.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "100.51.198.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "113.0.203.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
// Domain Names for Documentation and Testing (BCP 32)
zone "test" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "example" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "invalid" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "example.com" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "example.net" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "example.org" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
// Router Benchmark Testing (RFCs 2544 and 5735)
zone "18.198.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "19.198.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
// IANA Reserved - Old Class E Space (RFC 5735)
zone "240.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "241.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "242.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "243.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "244.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "245.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "246.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "247.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "248.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "249.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "250.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "251.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "252.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "253.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "254.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
// IPv6 Unassigned Addresses (RFC 4291)
zone "1.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "3.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "4.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "5.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "6.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "7.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "8.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "9.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "a.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "b.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "c.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "d.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "e.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "0.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "1.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "2.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "3.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "4.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "5.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "6.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "7.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "8.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "9.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "a.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "b.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "0.e.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "1.e.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "2.e.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "3.e.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "4.e.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "5.e.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "6.e.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "7.e.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
// IPv6 ULA (RFCs 4193 and 6303)
zone "c.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "d.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
// IPv6 Link Local (RFCs 4291 and 6303)
zone "8.e.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "9.e.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "a.e.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "b.e.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
zone "c.e.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "d.e.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "e.e.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
zone "f.e.f.ip6.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
// IP6.INT is Deprecated (RFC 4159)
zone "ip6.int" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };
// Master copy of domain.com. The enclosing view is not visible in this
// excerpt; presumably this is the internal view's copy. Verify.
zone "domain.com" {
type master;
file "/var/named/var/named/domain.db";
// Zone transfers are limited to the address-match entries int_dns2 and
// int_dns3, which are defined outside this excerpt.
allow-transfer { int_dns2; int_dns3; };
// Only sources matching the `internals` ACL may query this zone. The check
// is purely address-based, so it is only as reliable as the source address
// named sees. NOTE(review): verify that NAT does not present outside
// clients with a private source address.
allow-query { internals; };
};
// Master reverse-lookup zone for 192.168.1.0/24. It holds private addressing,
// so it should only ever be answered to internal clients. The enclosing view
// is not visible in this excerpt.
zone "1.168.192.in-addr.arpa" {
type master;
file "/var/named/var/named/192.168.1.rev";
// Zone transfers are limited to the address-match entries int_dns2 and
// int_dns3, which are defined outside this excerpt.
allow-transfer { int_dns2; int_dns3; };
// Address-based restriction to the `internals` ACL. It depends on named
// seeing the real client source address rather than a NAT-rewritten one.
allow-query { internals; };
};
...
;