I just started using views in bind-9.9.9-P2.
Before, I had my internal+external addrs listed together, and I offered
responses/services via an
ACL to internalnets.
Recently, I decided to use a split-view config between external and internal
(internal addrs being 192.168...).
I now get messages upon startup about my bind server being non-authoritative for
both internal and external addrs (for each subnet I am a master for).
I never used to get that message when they were all in a root config.
Do I need to somehow "delegate" from the root to each zone, or why would
I be getting non-authoritative for the same data that is now split into views?
Any insights/hints would be appreciated -- since it's my first time
using them, I've no clue if the messages indicate I did something wrong...
I am attaching the basic named.conf setup, with what I hope
are the irrelevant parts deleted.
# /etc/named.conf
#
# A description of all available options can be found in
# /usr/share/doc/packages/bin8/html/options.html
#
# logging needs to go first to order subsequent messages
#
# Logging setup. Three channels are visible; the "...." line marks channels
# the poster elided (named_info_log, referenced below, is presumably defined
# there -- confirm).
logging {
# syslog facility local3, severity notice and above, with category/severity tags
channel sys_log { syslog local3; severity notice;
print-category yes; print-severity yes; };
# warnings and above go to stderr
channel std_err { stderr; severity warning; };
# file channel: rolls at 1 MB and keeps up to 8 old versions
channel named_log {
file "/var/log/named/named" versions 8 size 1m; severity notice;
print-time yes; print-category yes; print-severity yes; };
....
# NOTE(review): only the "default" category is routed in the visible lines, and
# sys_log is defined but not referenced by it. Categories such as security,
# update-security and xfer-out fall through to "default" unless the elided
# lines route them; with severity notice on named_log, lower-severity denial
# messages may be dropped -- confirm these events land somewhere that is reviewed.
category "default" { named_log; named_info_log; std_err;};
};
# Body of the options statement was elided by the poster.
options { ...};
# Key files are included rather than inlined. The keys used further down
# (rndc-key in controls, dhcp-bind in allow-update) are presumably defined in
# rndc.key and dhcpd.key -- confirm.
# NOTE(review): rndc.key and dhcpd.key would then hold shared secrets; they
# should be readable only by the account named runs as -- confirm owner/mode.
include "/etc/bind.keys";
include "/etc/rndc.key";
include "/etc/dhcpd.key";
# Per-peer transfer format.
# NOTE(review): a server clause for 0.0.0.0 is unusual; if a global default is
# the intent, transfer-format can be set in options instead -- confirm.
server 0.0.0.0 { transfer-format many-answers; };
server 192.168.3.2 { transfer-format many-answers; };
# Address-match list for loopback and the two internal /24s; used by the
# "internal" view's match-clients and by the zone ACLs in both views.
acl "internalnets" {
127.0.0.0/8;
192.168.3/24;
192.168.4/24; };
# NOTE(review): "slave" is not referenced anywhere in the visible config. The
# zones' allow-transfer lists use internalnets, which permits a full zone
# transfer to any host on those subnets; restricting transfers to this ACL
# (or to a TSIG key) would be tighter -- confirm what the elided parts do.
acl "slave" { 192.168.3.2; };
# "external" view.
# NOTE(review): this view has no match-clients, so it matches any client.
# Views are evaluated in the order they appear and the first match wins, so
# every client -- including localhost and internalnets -- is answered from
# this view, and the "internal" view further down is never selected. Either
# give this view a match-clients that excludes the internal clients, or list
# the "internal" view first. This may be related to the startup messages
# described in the post; the log text is not shown, so confirm.
view "external" {
zone "." in { type hint; file "root.db"; };
# NOTE(review): the two loopback zones below allow dynamic updates by source
# address (localhost) rather than by key, unlike the dhcp-bind key used in the
# "internal" view; address-based update ACLs are the weaker control.
zone "localhost" in {
type master;
file "master/localhost";
allow-update { localhost; };
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "master/127.0.0.zone";
allow-update { localhost; };
};
# NOTE(review): allow-query is limited to localnets and localhost, so only
# the server itself and hosts on its directly attached networks can query this
# zone; other clients are refused even though this is the external view --
# confirm that is intended. allow-transfer is address-based and admits every
# internalnets host.
zone "tlinx.org" in {
type master;
file "master/tlinx.org.bin";
allow-transfer { localhost; internalnets; };
allow-query { localnets; localhost; };
notify yes;
};
# Reverse zone; same query/transfer ACLs as tlinx.org above.
zone "175.164.173.in-addr.arpa" in {
type master;
file "master/173.164.175.zone.db";
allow-transfer { localhost; internalnets; };
allow-query { localnets; localhost; };
notify yes;
};
};
# rndc control channel: one listener on loopback and one on each of two
# internal addresses. Each is restricted by source address and requires
# rndc-key.
# NOTE(review): the 192.168.4.1 and 192.168.3.1 listeners accept control
# connections from an entire /24, so the key is the only barrier for any host
# on those subnets. If remote rndc is not needed, keeping only the loopback
# listener is the smaller exposure -- confirm the requirement.
controls {
inet 127.0.0.1 allow { 127.0.0.0/8; } keys {rndc-key; };
inet 192.168.4.1 allow { 127.0.0.0/8; 192.168.4.0/24; } keys {rndc-key;
};
inet 192.168.3.1 allow { 127.0.0.0/8; 192.168.3.0/24;} keys {rndc-key;
};
};
# "internal" view: selected for the server's own addresses (localhost) and
# for the internalnets ACL.
# NOTE(review): the "external" view is listed before this one and has no
# match-clients, so as written no client reaches this view.
# NOTE(review): zones are defined per view. tlinx.org and
# 175.164.173.in-addr.arpa appear only in "external", so this view is not
# authoritative for them unless the elided "#..." parts define them here too
# -- confirm.
view "internal" {
match-clients { localhost; internalnets; };
#...
# Dynamic updates to this zone require the dhcp-bind key; queries and
# transfers are limited by address to localhost and internalnets.
zone "internal.tlinx.org" in {
type master;
file "master/internal.tlinx.org.bin";
allow-transfer { localhost; internalnets; };
allow-query { localhost; internalnets; };
allow-update { key dhcp-bind ;};
notify yes;
};
#...
# IPv4 reverse zone; same ACLs and keyed updates as internal.tlinx.org above.
zone "0.168.192.in-addr.arpa" in {
type master;
file "master/0.168.192.zone.db";
allow-transfer { localhost; internalnets; };
allow-query { internalnets; localhost; };
allow-update { key dhcp-bind ;};
notify yes;
};
# IPv6 reverse zone (the statement is wrapped across two lines in the mail).
# No allow-update here, so dynamic updates are not enabled for this zone in
# the visible config.
zone
"0.0.8.a.0.c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.0.8.d.f.ip6.arpa" in {
type master;
file "master/fd80-3-0-0-0-0-192.168.4.zone.db";
allow-transfer { localhost; internalnets; };
allow-query { internalnets; localhost; };
notify yes;
};
};