This is a strange problem. Years ago I set up an authoritative server on OpenBSD
4.x and it just worked
for both the local network and queries from the Internet.
But now it doesn't. I know this is my own mistake; please help me resolve it.
###named.conf###
// $OpenBSD: named-simple.conf,v 1.10 2009/11/02 21:12:56 jakob Exp $
// Trusted local networks. Referenced by allow-recursion in options and by
// match-clients in the "allow-recursion" view, so membership here decides
// who may use this server as a recursive resolver.
acl tlk {
    192.168.5.0/24;
    192.168.55.0/24;
    192.168.66.0/24;
    192.168.99.0/24;
    127.0.0.1; };
options {
    // Hides the server version from "version.bind" CHAOS queries.
    version ""; // remove this to allow version queries
    // NOTE(review): "ext_if" is not a macro — named.conf has none. Assuming it
    // stands for the redacted external (em1) address; a bare name here would
    // be read as an undefined ACL and named would likely reject the config.
    listen-on { 127.0.0.1; 192.168.5.254; 192.168.55.254; ext_if; };
    listen-on-v6 { none; };
    // Zone transfers are refused globally; the per-zone allow-transfer lines
    // in the views are commented out, so this setting stays in force.
    allow-transfer { none; };
    empty-zones-enable yes;
    // forward first;
    forwarders { provider's dns; }; // redacted upstream resolver address(es)
    // Recursion is offered only to the "tlk" networks. Together with
    // "recursion no" in the deny-recursion view this keeps the server from
    // being an open resolver for the Internet.
    allow-recursion { tlk; };
    // Authoritative data must be answerable for anyone.
    allow-query { any; };
};
// First view. Views are matched in order, so clients from the "tlk"
// networks always land here and never reach the deny-recursion view below.
view "allow-recursion" {
    match-clients { tlk; };
    // recursion yes;  (not needed: recursion is on by default, gated by allow-recursion)
    // Root hints; the relative path is presumably resolved inside named's
    // chroot/working directory on OpenBSD.
    zone "." {
        type hint;
        file "etc/root.hint"; };
    zone "localhost" {
        type master;
        file "standard/localhost";
        // allow-transfer { localhost; };
    };
    zone "127.in-addr.arpa" {
        type master;
        file "standard/loopback";
        // allow-transfer { localhost; };
    };
    zone "zone.1" {
        type master;
        file "/master/zone.1"; };
    // NOTE(review): zone "zone.2" is loaded from /master/zone.3 — confirm this
    // is intended and not a copy/paste slip (the names may just be redacted).
    zone "zone.2" {
        type master;
        file "/master/zone.3"; };
    zone "zone.4" {
        type master;
        file "/master/zone.4"; };
    zone "168.192.in-addr.arpa" {
        type master;
        file "/master/168.192.in-addr.arpa"; };
    // NOTE(review): "zone.5" is only defined in the deny-recursion view, so
    // clients matched by this view resolve it recursively instead of getting
    // authoritative data — which is why the local nslookup in the post shows
    // "Non-authoritative answer". If LAN clients should see the zone
    // authoritatively, it has to be declared in this view as well.
    // Contents of the included file are not shown in the post.
    include "/master/forbidden.conf";
};
// Second view. No match-clients, so it catches every client not in "tlk",
// i.e. the queries arriving from the Internet on em1.
view "deny-recursion" {
    // Authoritative-only for outsiders: no open-resolver exposure.
    recursion no;
    // Do not fill the additional section from the cache (or from other auth
    // zones); commonly set to avoid exposing cache contents to non-recursive
    // clients.
    additional-from-cache no;
    additional-from-auth no;
    // NOTE(review): this is the zone the external queries in the tcpdump ask
    // for (www.zone.5). Nothing in this view or in options denies them
    // (allow-query is "any"), so a missing reply most likely means the query
    // never reaches named — check that named is listening on the em1 address,
    // and check the security log channel configured in the logging statement,
    // which records denied requests if they do get through.
    zone "zone.5" {
        type master;
        file "/master/zone.5"; };
};
// Shared secret for rndc (value redacted in the post).
// NOTE(review): hmac-md5 is the legacy algorithm; if this BIND version
// supports it, regenerate the key as hmac-sha256 (see rndc-confgen). The key
// only protects the loopback-only control channel below, so exposure is limited.
key "rndc-key" {
    algorithm hmac-md5;
    secret "**";
};
// rndc control channel: bound to loopback only, and every command must be
// signed with rndc-key, so it is not reachable from em0/em1.
controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "rndc-key"; };
};
logging {
    channel security_channel {
        # Send log messages to the specified file (relative to named's
        # working directory). NOTE(review): with no "versions"/"size" clause
        # this file grows without bound, e.g.:
        #   file "log/security.log" versions 5 size 10m;
        file "log/security.log";
        # Log all messages (debug-level output only appears once named's
        # debug level is raised, e.g. with "rndc trace")
        severity debug;
        # Log the date and time of the message
        print-time yes;
        # Log the category of the message
        print-category yes;
        # Log the severity level of the message
        print-severity yes;
    };
    channel default {
        # Send logs to the 'local0' syslog facility
        syslog local0;
        # Log messages of severity 'info' or higher
        severity info;
        print-category yes;
        print-severity yes;
    };
    # Logs about approval and denial of requests — the first place to look
    # when a query is seen on the wire but gets no answer.
    category security {
        security_channel;
        default;
    };
    # Ignore logs about misconfigured remote servers
    category lame-servers { null; };
    # Default logging options
    category default { default; };
};
###zone.5###
; $OpenBSD: db.localhost,v 1.2 2005/02/07 06:08:10 david Exp $
$ORIGIN zone.5.
$TTL 24h
; SOA: primary name server and hostmaster mailbox (admin@zone.com).
; All address values ("right.IP", "right.IP2") are redacted in the post.
@ IN SOA ns1.zone.5. admin.zone.com. (
    10 ; serial
    1h ; refresh
    30m ; retry
    7d ; expiration
    1h ) ; minimum
; These records carry no owner name and inherit "@" (the zone apex) from the
; SOA line. NOTE(review): the post's leading whitespace looks stripped; in the
; real file each of these lines must start with a blank or tab, otherwise the
; first token is read as an owner name.
    NS ns1.zone.5.
    NS ns2.zone.5.
@ IN A right.IP
www IN A right.IP
; Both name servers live inside the zone, so the parent must hold matching
; glue for ns1/ns2 — presumably already the case, but worth confirming.
ns1 IN A right.IP
ns2 IN A right.IP2
###pf.conf related rules###
# DNS from the Internet to the server itself. NOTE(review): this rule mixes
# the $ext_if macro with the literal interface name em1 as the destination, so
# it only matches when $ext_if expands to em1 (the tcpdump on em1 suggests it
# does). Using "to $ext_if" (or "to ($ext_if)") keeps the two in step.
pass in on $ext_if inet proto { tcp, udp } from any to em1 port domain
# LAN clients to the internal address for NTP and DNS; <lan> is a table whose
# contents are not shown in the post.
pass in on $int_if inet proto { udp, tcp } from <lan> to $int_if port { ntp, domain }
# Server-initiated UDP out (recursion to the forwarders / root servers).
# Replies to the inbound queries above ride the state created by the
# "pass in" rules (pf keeps state by default since OpenBSD 4.1, as far as I
# recall), so they do not depend on this rule. No TCP is passed out here, so
# outbound TCP lookups (truncated answers) would need a rule outside this excerpt.
pass out on $ext_if inet proto udp from em1 to any
I see a number of external queries to my server, but I don't see the answers:
# tcpdump -i em1 -p udp 'port domain'
09:28:23.152111 smtp.eurocom.su.19716 > my.server.domain: 59597 [1au] A?
www.zone.5. (45)
09:28:24.136607 idbh.ru.47793 > my.server.domain: 26171% [1au] A?
www.zone.5. (45)
09:28:26.942971 smtp.eurocom.su.44341 > my.server.domain: 615 A?
www.zone.5. (34)
09:28:27.191067 smtp.eurocom.su.17302 > my.server.domain: 42979 [1au] A?
www.zone.5. (45)
09:28:29.417383 smtp.eurocom.su.34958 > my.server.domain: 53565 A?
www.zone.5. (34)
09:28:29.737934 idbh.ru.45564 > my.server.domain: 27837 A? www.zone.5. (34)
From the local net:
[email protected]:~$ nslookup
> zone.5
Server: 192.168.5.254
Address: 192.168.5.254#53
Non-authoritative answer:
Name: zone.5
Address: right.IP
# tcpdump -i em0 -p udp 'port domain'
10:00:41.702484 pc.local.46571 > my.server.domain: 50830+ A? zone.5. (30)
10:00:41.702625 my.server.domain > pc.local.46571: 50830 1/2/0 A
right.IP (82)