> 'acl' block is not allowed not in options{}, only in 'topmost' block
Sorry, I should have been clearer - I meant allow-query, allow-recursion,
allow-query-cache, etc. Those are all access control lists too.
What I suspect is, in named.conf, you had something like this:
options {
[...]
allow-recursion { none; };
};
view internal {
[...]
allow-recursion { <addresses>; };
};
The inheritance logic is broken, causing allow-query-cache to be set
to "none" in the internal view; it was copied from the value of
allow-recursion at the "options" instead of the "view" level, as it
should've been. That breaks recursion, because both kinds of access
are needed.
I still haven't seen your "options" settings (unless it was in an earlier
email that I missed), so I was asking about them just to make absolutely
sure that's what the problem was.
We did find the inheritance bug because of your report (and, by the way,
thank you very much for testing the development verison!). It's being
tracked as https://gitlab.isc.org/isc-projects/bind9/-/issues/5647
in our bug database, and a fix will be merged today.
--
Evan Hunt -- [email protected]
Internet Systems Consortium, Inc.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list.
