Re: Split Horizon DNS issues w/named.conf

Tue, 13 Jan 2009 08:22:24 -0800 

Christopher Sean Hilton wrote:

Repost with conf file included:
I'm trying to track down a split horizon DNS issue. On initial startup everything works great. Internal hosts can resolve names against my complete zone and can resolve names for other internal hosts just fine. External hosts get the abbreviated views that I've setup. But after a period of time named stops responding to external host. Requests to it just time out. I'm running stock named on OpenBSD 4.3. I've attached my named.conf file to this message:
take note of the security advisory for 4.3's BIND: http://openbsd.org/errata43.html#004_bind 

upgrade your grey matter cuz one day it may matter



// $OpenBSD: named-dual.conf,v 1.6 2004/08/16 15:48:28 jakob Exp $
//
acl clients {
        127.0.0.0/8;
        192.168.0.0/23;
        ::1;
};

options {
        version "";   // remove this to allow version queries

        listen-on    { any; };
        listen-on-v6 { any; };
};

logging {
        category lame-servers { null; };
};

view "internal" {
        match-clients { clients; };
        match-recursive-only yes;

        // 
---------------------------------------------------------------------------------------------
        // Standard zones
        //
        zone "." {
                type hint;
                file "standard/root.hint";
        };

        zone "localhost" {
                type master;
                file "standard/localhost";
                allow-transfer { localhost; };
        };

        zone "127.in-addr.arpa" {
                type master;
                file "standard/loopback";
                allow-transfer { localhost; };
        };

        zone 
"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
                type master;
                file "standard/loopback6.arpa";
                allow-transfer { localhost; };
        };

        // 
---------------------------------------------------------------------------------------------
        // Slave zones
        //

        zone "example.com" IN {
                type slave;
                file "slave/db.example.com";
                check-names ignore;
                masters { 192.168.1.34; };
                allow-transfer { localhost; 192.168.1.34; 192.168.0.34; };
        };

        zone "0.168.192.in-addr.arpa" IN {
                type slave;
                file "slave/db.192.168.0";
                masters { 192.168.1.34; };
                allow-transfer { localhost; 192.168.1.34; 192.168.0.34; };
        };

        zone "1.168.192.in-addr.arpa" IN {
                type slave;
                file "slave/db.192.168.1";
                masters { 192.168.1.34; };
                allow-transfer { localhost; 192.168.1.34; 192.168.0.34; };
        };
};

view "external" {
        match-clients { "any"; };
        recursion no;
        additional-from-auth no;
        additional-from-cache no;

        // 
---------------------------------------------------------------------------------------------
        // Master zones

        zone "example.com" {
                type master;
                file "master/db.example.com";
        };
};

// Local variables:
// mode: fundamental
// mode: font-lock
// tab-width: 4
// End:



-- Chris

Reply via email to